pixi
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The script `scripts/check_pixi.sh` suggests an installation command `curl -fsSL https://pixi.sh/install.sh | bash`. This pattern involves executing a remote script from a non-trusted domain directly in the shell, which is a significant security risk for agents following these instructions.
- COMMAND_EXECUTION (HIGH): The file `scripts/pixi_info.py` implements shell command execution via `subprocess.run(shell=True)`. This is a high-risk practice that can lead to shell injection if variables like environment names are manipulated by malicious project metadata.
- REMOTE_CODE_EXECUTION (HIGH): The combined presence of untrusted installation sources and a shell-execution surface facilitates potential remote code execution.
- Indirect Prompt Injection (HIGH): (Category 8) The skill ingests untrusted project data through `pixi info` and `pixi list` commands and processes it using shell-based tools. A malicious `pixi.toml` file in a project directory could contain crafted metadata to exploit the shell-execution capability.
  - Ingestion points: JSON output from `pixi info` and `pixi list` in `scripts/pixi_info.py`.
  - Boundary markers: Absent.
  - Capability inventory: Shell command execution via `subprocess.run(shell=True)` in `scripts/pixi_info.py` and various task execution capabilities mentioned in documentation.
  - Sanitization: Absent.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://pixi.sh/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata