0xkey-keyops-coordinator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required init flow (scripts/role_init.py and references/qos-client-platform.md / SKILL.md) auto-fetches the operator binary (qos_client) and resolves "latest" from the public GitHub Releases API for https://github.com/0xkey-io/qos, and that fetched binary and release metadata are consumed/verified and then used by the Coordinator workflow to run ceremony commands — so third‑party release content can materially change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill auto-fetches and installs the operator binary from https://github.com/0xkey-io/qos (resolved via the GitHub Releases API /repos//releases/latest) at role_init.py runtime and then relies on and executes that fetched qos_client as a required dependency, so this is a runtime external dependency that can execute remote code.