I've downloaded Goose for the first time, connected it to a local model, and explored it. I noticed the "Autonomous" indicator and decided to find out what it meant. The manual does explain the permissions and warns that Autonomous is the default.

You can't expect every new user to first read all of the manual before doing anything, then finding this warning and changing the setting. Instead, new users will most likely leave this set at its default, making it possible for things to go horribly wrong, as the only other safeguards are in the prompting. See my example below using a local model and a simple prompt.

Expected behavior
Either:

• Chat only or manual as the default; or
• a modal dialog on startup warning of the danger.

Screenshots

Here's an example of the kind of command that would be happily executed if I'd let it. These kinds of commands can have subtle bugs or misunderstandings and you don't know because users can use even very stupid models and prompts.

Please provide following information:

• OS & Arch: MacOS 15.5
• Interface: UI
• Version: v1.0.24
• Extensions enabled: Developer (by default!)
• Provider & Model: Local OpenAI-like via LM-Studio, the example below using josiefied-qwen3-8b-abliterated-v1 which is an uncensored model, something other users might have as well.

Additional context
I'm asking you, the developers of Goose, to think of the liability you take on with such an insecure default.

Other agnetic tools use docker containers, which is another way to make this kind of tool use less of a security problem.