qbcore-framework
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file path access detected. Network operations are limited to standard game-engine internal communication.
- [Obfuscation] (SAFE): No encoded or hidden content (Base64, zero-width characters, etc.) detected.
- [Unverifiable Dependencies] (SAFE): No suspicious package installations or remote script executions. References to standard framework resources (qb-core, oxmysql) are appropriate for the context.
- [Privilege Escalation] (SAFE): No commands for escalating system privileges (e.g., sudo, chmod) were identified.
- [Persistence Mechanisms] (SAFE): No attempts to establish persistent access to the host system.
- [Indirect Prompt Injection] (SAFE): The skill documents data ingestion via callbacks and events but provides mandatory sanitization guidance. Ingestion points: callbacks/events (examples.md); Boundary markers: instructional warnings (best-practices.md); Capability inventory: money/item functions and DB access; Sanitization: validation examples included.
- [Dynamic Execution] (SAFE): Database examples correctly use parameterized queries to prevent SQL injection. No unsafe use of eval() or dynamic code loading.
Audit Metadata