deepen-plan

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the stated purpose is plan enhancement, but the actual footprint is much broader. The main issue is transitive trust: it enumerates and executes arbitrary local/plugin skills and agents, tells sub-agents to follow their instructions exactly, and combines that with external research sources and file writes. There is no clear malware payload or credential theft logic, but the scope and trust expansion are disproportionate and create high supply-chain and prompt-injection risk.

Confidence: 87%
Severity: 81%

Audit Metadata

Analyzed At: Mar 13, 2026, 07:26 PM
Package URL: pkg:socket/skills-sh/EveryInc%2Fcompound-engineering-plugin%2Fdeepen-plan%2F@91200121a3e59ba86da2954a423f629e01f9cdd2