traveling-salesman-problem

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of prompt injection attempts, safety filter bypasses, or instructions to ignore system guidelines. The content is strictly focused on route optimization and algorithmic problem-solving.
  • [DATA_EXFILTRATION]: No sensitive file path access, hardcoded credentials, or suspicious network operations were found. The skill operates on local numeric data such as distance matrices and coordinates.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns detected. There are no instances of fetching and executing scripts from external URLs (e.g., curl | bash).
  • [COMMAND_EXECUTION]: The skill includes Python scripts for algorithmic calculations. These scripts use standard libraries (NumPy, PuLP, OR-Tools) for linear programming and combinatorial optimization. No dangerous subprocess calls or shell command execution on untrusted data were identified.
  • [EXTERNAL_DOWNLOADS]: Mentions well-known and trusted Python libraries and solvers (Google OR-Tools, PuLP, Gurobi, CPLEX). These are industry-standard tools for optimization. No downloads from untrusted or unknown sources are requested.
  • [OBFUSCATION]: The file was analyzed for Base64, hex encoding, zero-width characters, and homoglyphs. No obfuscation techniques were found; all code and instructions are in plain text.
  • [PRIVILEGE_ESCALATION]: No commands for acquiring administrative privileges or modifying system-level configurations were detected.
  • [PERSISTENCE_MECHANISMS]: No attempts to establish persistence (e.g., modifying shell profiles or cron jobs) were found.
  • [DYNAMIC_EXECUTION]: No use of unsafe dynamic execution functions like eval(), exec(), or unsafe deserialization (pickle) was observed. The logic is implemented through static algorithmic code.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Processes user-provided distance matrices and coordinate lists in SKILL.md.
      • Boundary markers: Not explicitly defined, but inputs are expected to be strictly numerical data types (integers/floats).
      • Capability inventory: Code performs mathematical calculations and logic for TSP solvers. No file-writing or network operations are included in the scripts.
      • Sanitization: Standard Python type handling (int/float/np.array) provides inherent validation against non-numeric injection in the context of these specific scripts.
      • Conclusion: Risk is minimal as the attack surface is limited to numerical inputs for algorithmic solvers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 08:19 PM