pixi

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These URLs include direct remote-install scripts (pixi.sh/install.sh and install.ps1) invoked with curl|sh and Invoke-Expression plus a custom PyPI index (custom-index.com) which are high-risk supply‑chain/remote‑code execution vectors; GitHub and pypi.org are lower risk but still require verification of the repo and package sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required docs (SKILL.md and referenced manifest examples) instruct the tool to fetch and install code from public, user-contributed sources — e.g., "pixi add --pypi requests", pypi-config index-url/extra-index-urls, channel URLs, and manifest entries like package = { git = "https://github.com/user/repo.git" } — which are untrusted third‑party artifacts the workflow will ingest and can alter tasks/commands at runtime.