The helper recipient::run_v1 in the plugin-support crate (age-plugin/src/recipient.rs:453) validates the number of stanzas returned by a plugin using assert_eq!(stanzas.len(), expected_stanzas). A faulty or malicious plugin can violate this expectation and cause the plugin process to panic, aborting the encryption workflow and denying service to the caller.

Recommendation:

Replace the assertion with a checked comparison that, on mismatch, returns a recipient::Error::Internal (or similar) via the IPC channel. The client can then surface a graceful EncryptError::Plugin instead of observing an abrupt plugin crash.