Naruto Multi-Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Naruto-themed dispatcher that delegates user tasks to named sub-agents, with no install hooks, executable code, hidden data flow, or credential handling found.

Install this only if you want ordinary work requests routed into persistent named sub-agent sessions. Avoid including secrets or sensitive production context unless you are comfortable with that context being copied into a delegated task, and give clear limits before asking it to perform account-changing or destructive work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill uses very broad activation language such as responding whenever it 'receive[s] a mission request,' but it does not clearly define what qualifies as a mission versus normal conversation, analysis, or harmless roleplay. In a dispatcher skill that automatically delegates via `sessions_spawn`, ambiguous triggering can cause unintended sub-agent execution on ordinary user inputs, increasing the risk of prompt injection propagation, unnecessary task spawning, and loss of user intent control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal