Goose Extensible AI Coding Agent by Block

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states Goose has "built-in web search and browsing" and an MCP extension system that can connect to arbitrary services (e.g., GitHub, Slack, public websites), meaning the agent can fetch and read untrusted public web or third-party content that could influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly enables autonomous installation of packages, execution of shell commands, and file edits (including using system package managers and writing config under ~/.config), which can modify the machine's state and be used to perform privileged or harmful actions even though it doesn't explicitly request sudo or user creation.