midjourney
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill directs users to execute code directly from the web using
curl -sSL https://canifi.com/skills/midjourney/install.sh | bash. This is a critical vulnerability that allows an untrusted external source to execute arbitrary commands on the host system. - External Downloads (HIGH): The installation and setup processes depend on scripts hosted at
canifi.com, which is not a trusted repository or organization, increasing the risk of supply chain attacks. - Credentials Unsafe (HIGH): The skill prompts users to provide
MIDJOURNEY_EMAILandMIDJOURNEY_PASSWORD. While it claims thecanifi-envtool stores these locally, the tool itself is installed via an unverified remote script, creating a high probability of credential theft. - Command Execution (MEDIUM): The skill relies on Playwright browser automation and automated environment variable manipulation, which provides a significant attack surface if the underlying installation scripts are malicious.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/midjourney/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata