Saw this in a HackerNews comment:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/scripts/xz_wrap.sh?h=next-20240328#n34

That is indeed scary -- exactly the kind of thing that sort of makes sense in isolation (xz --robot --version outputs some environment variables) and then just becomes a gadget for exploitation if xz were to start outputting something different there...