deepen-plan

SUSPICIOUS: the stated goal is plan enhancement, but the actual footprint is much broader. The main risk is transitive execution of all discovered local/global/plugin skills and agents, plus injection exposure from web/docs/markdown inputs combined with file-write capability. Not confirmed malware, but high-risk workflow orchestration for an AI agent.