matthewdean / proxy.lua

Control access to objects in pure Lua

User can modify global environment, breaking proxy

matthewdean opened this issue · comments

getfenv(0).getmetatable = 'not a function'
print(Instance.new('Part'))
--> attempt to call global 'getmetatable' (a string value)

The problem is that the proxy code uses the global environment and that the user can modify the global environment. There may be similar issues with the user using setfenv on trusted functions.

Fixed by doing something like this:

local sandbox_env = {}
local sandbox_mt = { __index = getfenv(0), __metatable = "The metatable is locked" }
setmetatable(sandbox_env, sandbox_mt)

That way, doing getfenv(0).something doesn't affect the real environment.

Still a problem of sorts, not in RBX.Lua but in regular Lua
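
The sandbox-environment fix described in this issue, worked through as an added example for stock Lua 5.1 (not code from the proxy.lua repository). `run_untrusted` is a hypothetical helper name, and the sandbox-local `getfenv` override is an assumption that goes beyond what the issue shows.

```lua
-- Lua 5.1 only: getfenv/setfenv/loadstring were removed in Lua 5.2.
-- Trusted code captures the built-ins it relies on as locals, so later
-- changes to any global table cannot redirect them.
local real_env = getfenv(0)
local getmetatable, setmetatable, setfenv = getmetatable, setmetatable, setfenv
local loadstring, pcall, rawget, type = loadstring, pcall, rawget, type

-- Sandbox environment as in the fix above: reads fall through to the real
-- globals, writes land in sandbox_env only.
local sandbox_env = {}
local sandbox_mt = { __index = real_env, __metatable = "The metatable is locked" }
setmetatable(sandbox_env, sandbox_mt)

-- Assumption (not in the issue): in stock Lua 5.1, getfenv(0) returns the
-- running thread's global table rather than the caller's environment, so
-- the sandbox gets its own getfenv that only ever hands back sandbox_env.
sandbox_env.getfenv = function() return sandbox_env end
sandbox_env._G = sandbox_env

-- run_untrusted is a hypothetical helper: compile source text, bind the
-- chunk to the sandbox environment, and run it in protected mode.
local function run_untrusted(source)
  local chunk, err = loadstring(source, "=untrusted")
  if not chunk then return false, err end
  setfenv(chunk, sandbox_env)
  return pcall(chunk)
end

-- Constructed input: the assignment from the issue report.
local ok, err = run_untrusted("getfenv(0).getmetatable = 'not a function'")
assert(ok, err)

-- The write was absorbed by sandbox_env; the real global is untouched.
assert(type(real_env.getmetatable) == "function")
assert(rawget(sandbox_env, "getmetatable") == "not a function")
-- The locked metatable hides sandbox_mt from getmetatable.
assert(getmetatable(sandbox_env) == "The metatable is locked")
print("real environment intact")
```

Because `__index` points at the real globals, library tables such as `string` are still the shared objects, so a full sandbox would hand out copies or proxies of those as well. The sandbox also still inherits `setfenv`, which is the trusted-function concern raised in the issue.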