pixi
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): An automated scan detected a piped remote execution pattern: curl -fsSL https://pixi.sh/install.sh | sh. While this is a common installation method for developer tools, it executes remote code without verification and the source domain (pixi.sh) is not on the trusted external sources whitelist.
- Indirect Prompt Injection (LOW): The skill is designed to process and act upon content from manifest files (pixi.toml, pyproject.toml) which may be provided by untrusted third parties in a repository context.
  - Ingestion points: pixi.toml, pyproject.toml (README.md, references/manifest.md).
  - Boundary markers: None detected; the agent is instructed to use these files as authoritative for project configuration.
  - Capability inventory: The skill enables subprocess execution via pixi run, pixi shell, and pixi task add (references/commands.md).
  - Sanitization: None detected; the skill relies on the Pixi CLI to parse and execute commands defined in the manifest.
- Command Execution (LOW): The skill documentation describes extensive use of the pixi CLI to manage environments and run tasks. While these are legitimate functions of the tool, they provide a powerful interface for an agent to execute arbitrary commands if directed by a malicious manifest.
Recommendations
- HIGH: Downloads and executes remote code from: https://pixi.sh/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata