Most tutorials treat the Goose runtime like a standard Node/Python sandbox. It is not. The local execution context is a trap.
Common patterns I see that will burn you:
* Passing raw API keys via environment variables to the runtime. The runtime's internal state is not a trusted boundary.
* Using community extensions without verifying their signature or hash against the known Goose build. The supply chain is only as strong as your verification step.
* Assuming the sandbox isolates extensions from each other completely. Shared resources exist. A malicious or buggy extension can impact others.
* Treating local-only execution as "safe enough" for credential handling. Local data can be exfiltrated by a compromised extension.
The root issue is modeling trust incorrectly. You must assume the runtime itself is a high-value target. Credentials belong in a TPM or an HSM, not in the runtime's env. Extensions must be treated like untrusted firmware modules until attested.
Trust the hardware.