aeo-recommend

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs external tooling via commands like npx goose-aeo recommend --json, which at runtime will fetch and execute the external "goose-aeo" package (repository: https://github.com/athina-ai/goose-aeo), so remote code and prompt/templates from that repo can directly run and influence agent behavior.