plotting-agent

Warn

Audited by Socket on Apr 14, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The plotting purpose is coherent and the local fallback scripts are proportionate, but the optional PaperBanana integration materially increases risk: it delegates execution to an unpinned external codebase and may forward a Gemini API key and paper content through third-party code with unclear provenance. No direct malicious behavior is shown, but the install/execution trust and credential-forwarding model are inconsistent with a low-risk plotting skill.

Confidence: 87%
Severity: 82%

Audit Metadata
Analyzed At: Apr 14, 2026, 02:01 PM
Package URL: pkg:socket/skills-sh/Ar9av%2FPaperOrchestra%2Fplotting-agent%2F@3c0a82f1ea2c75ccca0d267ed91a73a667369504