Severity

Medium (privacy / footgun)

Where

crates/goose-cli/src/logging.rs

What was observed

When no RUST_LOG is set, the default filter directives include goose=debug (and other debug directives).

Why this matters

Debug-by-default for an agent that handles prompts, files, and tokens is risky. Logs can silently become sensitive artifacts on disk.