0xkey-keyops-manifest

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the keyops and qos_client binaries from the vendor's official GitHub repositories (0xkey-io). These downloads include SHA256 integrity verification and SLSA provenance checks to ensure the binaries have not been tampered with.
  • [COMMAND_EXECUTION]: Executes the keyops CLI to manage cryptographic ceremonies. High-risk actions, such as manifest approval, are protected by mandatory human confirmation gates and cannot be bypassed by automated flags.
  • [DATA_EXFILTRATION]: Provides extensive security rules that explicitly prohibit the AI agent from reading, displaying, or transmitting private key material (.secret, .share). It mandates that these files remain in an external vault outside the agent's reachable workspace.
  • [PROMPT_INJECTION]: Includes a 'Cross-role refusal cheat sheet' and strict identity verification rules (Roster-first rule) to prevent the agent from assuming unauthorized roles or performing actions outside the Manifest Set scope.
  • [SAFE]: The skill demonstrates best practices in secret management, including the use of external hardware (YubiKey) and automatic redaction of sensitive paths in audit logs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 07:11 AM