Skills
skills/joelhooks/joelclaw/inngest-local/Gen Agent Trust Hub

inngest-local

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute curl -sL joelclaw.com/scripts/inngest-setup.sh | bash. This pattern of piped remote execution is highly dangerous as it executes unverified code from an external domain directly on the host machine.
  • [COMMAND_EXECUTION]: The skill provides instructions to create and load a macOS launchd plist file (~/Library/LaunchAgents/com.you.inngest-worker.plist) to ensure the worker process starts automatically and remains persistent across system reboots.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the inngest/inngest:latest container image from Docker Hub and installs external Node.js dependencies including inngest, @inngest/ai, and hono using the Bun runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 1, 2026, 12:16 AM