What happens if you connect a yubikey to a qube after sys-usb is compromised? Would you need to go in and change credentials and delete that qube now? Or is Qrexec tight enough about what gets passed from sys-usb to the work qube that it’s probably fine?