pp-midjourney
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the
midjourney-pp-cliand a corresponding MCP server using package managers. Specifically, it usesnpxto fetch@mvanhorn/printing-press-libraryandgo installto fetch the module fromgithub.com/mvanhorn/printing-press-library. These resources are owned by the vendor. - [COMMAND_EXECUTION]: The skill facilitates the execution of the
midjourney-pp-clibinary to perform various Midjourney-related tasks. It passes user-provided arguments and subcommands directly to the shell environment using theRead Bashtool. - [CREDENTIALS_UNSAFE]: To function, the skill requires the user to set the
MIDJOURNEY_COOKIE_HEADERenvironment variable. This variable contains sensitive authentication data used to communicate with the Midjourney API. The skill also manages configuration profiles and feedback logs stored in the~/.midjourney-pp-cli/directory. - [DATA_EXFILTRATION]: The CLI tool contains built-in features for sending data to external endpoints. The
--deliver webhook:<url>flag allows users to route the output of any command to a remote URL. Additionally, thefeedbackcommand can be configured to automatically transmit local logs to a remote server defined byMIDJOURNEY_FEEDBACK_ENDPOINT. - [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by taking natural language input from the user and passing it to the
midjourney-pp-cli whichcommand to resolve functionality. - Ingestion points: User queries for capabilities in the
Direct Usesection. - Boundary markers: None present for the
whichcommand arguments. - Capability inventory: The skill can execute shell commands, perform network requests, and write to the local filesystem.
- Sanitization: No explicit sanitization or validation of the natural language query is described.
Audit Metadata