Goosetown Skill

The GooseTown skill implements a persistent multi-agent simulation environment using a background Python daemon (town_daemon.py) and WebSockets (ws-dev.isol8.co). It is classified as suspicious due to a significant remote prompt-injection vulnerability: the daemon blindly writes unvalidated 'context_summary' data received from the remote server directly into TOWN_STATUS.md. Since SKILL.md explicitly instructs the AI agent to follow the actions prompted in that file, a compromised or malicious server could exert unauthorized control over the agent's local execution environment.