qbox-framework

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were found. The skill focuses entirely on FiveM development patterns.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected. External links are restricted to official documentation and GitHub repositories for the framework.
  • Obfuscation (SAFE): All provided code and documentation are in plain text. No Base64 encoding, zero-width characters, or homoglyphs were used.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The dependencies listed (qbx_core, ox_lib, ox_inventory, oxmysql) are standard, well-recognized libraries in the FiveM community. There is no evidence of remote script execution or piped shell commands.
  • Privilege Escalation (SAFE): No commands for acquiring system-level permissions (e.g., sudo, chmod) are present. The skill operates within the context of the FiveM game sandbox.
  • Persistence Mechanisms (SAFE): No attempts to modify startup scripts, crontabs, or registry keys for persistence were found.
  • Indirect Prompt Injection (SAFE): While the skill handles player-provided data, it specifically includes best practices for server-side validation to prevent exploitation of callbacks and server events.
  • Dynamic Execution (SAFE): No use of eval(), exec(), or runtime compilation techniques was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM