pixi

SUSPICIOUS. The skill’s purpose is broadly consistent with package/environment management, but it is framed as Pixi while actually steering the agent to the x-cmd wrapper and its auto-install/mirror logic. This is not clearly malicious, yet the extra trust layer and third-party mirror routing make the footprint riskier than a normal official Pixi guide.