Poisoned Pipeline Execution (PPE) is a critical security risk where attackers exploit permissions within source code repositories to execute malicious commands in build and test pipelines, as outlined in the OWASP Top 10 CI/CD Security Risks. PPE attacks can occur in three forms: Direct, Indirect, and Public. Direct PPE involves modifying pipeline configuration files to execute harmful instructions, while Indirect PPE allows attackers to exploit scripts or tools referenced by these configurations. Public PPE occurs when attackers submit pull requests to public repositories, especially when the same Continuous Integration (CI) instance serves both public and private repositories, risking exposure of sensitive assets. Protecting against PPE attacks involves separating pipelines for pull requests, requiring code reviews, securing webhook triggers, and managing pipeline configurations separately from application code. Harness CI offers features such as role-based access controls, manual approval stages, and separate management of pipeline triggers to safeguard against PPE attacks.
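A pre-merge gate that sorts a proposed change into the Direct, Indirect and Public forms described above and decides whether it needs manual approval. This is an added example, not code from OWASP or Harness. The path globs, the implicit-tool map, the function names and the sample repository are assumptions made for illustration.

```python
import fnmatch
import re

# Assumed pipeline-definition locations; adjust to the CI system in use.
PIPELINE_GLOBS = [".github/workflows/*", ".gitlab-ci.yml", "Jenkinsfile"]
# Assumed tools that implicitly execute a repo file when a pipeline invokes them.
IMPLICIT_FILES = {"make": "Makefile", "npm": "package.json"}
PATH_TOKEN = re.compile(r"[\w./-]+")

def is_pipeline_file(path):
    return any(fnmatch.fnmatch(path, g) for g in PIPELINE_GLOBS)

def referenced_files(pipeline_texts, repo_files):
    """Repo files that the trusted (base-branch) pipeline definitions run or read."""
    tokens = set()
    for text in pipeline_texts.values():
        for tok in PATH_TOKEN.findall(text):
            tokens.add(tok[2:] if tok.startswith("./") else tok)
            if tok in IMPLICIT_FILES:
                tokens.add(IMPLICIT_FILES[tok])
    return {f for f in repo_files if f in tokens}

def classify_change(changed, base_pipelines, repo_files, from_fork):
    """Classify a proposed change by PPE form and pick a gate for it."""
    # Direct PPE: the change edits a pipeline definition itself.
    direct = sorted(f for f in changed if is_pipeline_file(f))
    # Indirect PPE: the change edits a file the existing pipeline executes.
    # References come from the base branch, never from the change under review.
    refs = referenced_files(base_pipelines, set(repo_files) | set(changed))
    indirect = sorted(f for f in changed if f in refs and f not in direct)
    risky = bool(direct or indirect)
    return {
        "direct": direct,
        "indirect": indirect,
        "public": from_fork and risky,   # Public PPE: untrusted fork touches the pipeline
        "isolate": from_fork,            # fork builds go to a separate pipeline
        "decision": "manual-approval" if risky else "run",
    }

# Constructed sample repository and base-branch pipeline.
BASE_PIPELINES = {".github/workflows/ci.yml":
                  "steps:\n  - run: ./scripts/build.sh\n  - run: make test\n"}
REPO_FILES = ["src/app.py", "scripts/build.sh", "Makefile",
              ".github/workflows/ci.yml", "README.md"]

if __name__ == "__main__":
    for changed, fork in [(["src/app.py"], False), (["Makefile"], False),
                          ([".github/workflows/ci.yml"], True)]:
        print(changed, classify_change(changed, BASE_PIPELINES, REPO_FILES, fork))
```

The token matching is deliberately coarse: it over-flags rather than misses a referenced file, which suits a gate whose only consequence is a required review.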