In the package manager
By default, each user's ~/.guix-profile is defined as a symbolic link to the /var/guix/profiles/per-user/$USER directory. The problem is that the permissions on the /var/guix/profiles/per-user/ directory allow any user to create new subdirectories. An attacker can create the directory for another user who has not yet logged in and arrange for their own code to run: /var/guix/profiles/per-user/$USER is present in the PATH variable, so executable files the attacker places in this directory are executed in the victim's processes instead of system binaries.
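An administrator can check a host for the condition described above with a short audit script. The following is an added example, not code from Guix or from the original article; the individual checks, the `audit_per_user` name and the `uid_of` parameter are assumptions made for illustration.

```python
import os
import pwd
import stat

PER_USER_ROOT = "/var/guix/profiles/per-user"  # path named in the article


def _uid_of(name):
    """Resolve a login name to its UID, or None if no such account exists."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_per_user(root=PER_USER_ROOT, uid_of=_uid_of):
    """Return (path, finding) tuples for risky entries under the per-user root.

    uid_of is a hypothetical hook (name -> UID or None) so the check can be
    exercised against a constructed directory tree without real accounts.
    """
    findings = []
    # A world-writable parent lets any local user pre-create a directory
    # named after an account that has not logged in yet.
    if os.lstat(root).st_mode & stat.S_IWOTH:
        findings.append((root, "parent directory is world-writable"))
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if not stat.S_ISDIR(st.st_mode):
            findings.append((path, "not a plain directory"))
            continue
        expected = uid_of(name)
        if expected is None:
            findings.append((path, "no account with this name"))
        elif st.st_uid != expected:
            # Directory is on the named user's PATH but someone else owns it.
            findings.append((path, f"owned by uid {st.st_uid}, expected {expected}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or others"))
    return findings


if __name__ == "__main__":
    if os.path.isdir(PER_USER_ROOT):
        for path, finding in audit_per_user():
            print(f"{path}: {finding}")
```

An empty result means every per-user directory is owned by the account it is named after and the parent no longer accepts new subdirectories from arbitrary users.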
Source: opennet.ru