Modern development teams rely on Continuous Integration (CI) pipelines to automate testing, building, and deployment of their code. However, if the configuration files defining these pipelines are manipulated by malicious actors, it can lead to "poisoning" where unauthorized or harmful commands are executed during automated runs. Poisoned Pipeline Execution (PPE) occurs when attackers exploit vulnerabilities in CI/CD pipelines to execute unauthorized code, potentially compromising credentials, modifying production artifacts, or establishing persistent backdoors. The three primary flavors of PPE are Direct PPE, Indirect PPE, and Public PPE. Pipelines often run unreviewed code with high privileges, making them susceptible to attacks that can lead to code tampering, credential theft, persistent backdoors, and infrastructure compromise. To protect against PPE, teams should isolate untrusted code, take their CI config seriously, be stingy with credentials, and think twice about what triggers the pipeline.