Malicious plugin names, recipients, or identities can cause arbitrary binary execution