Midjourney

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Midjourney guide with no local code or hidden access, but users should avoid sharing sensitive prompts or images through Discord or Midjourney.

Install this if you want a reference guide for using Midjourney in Discord. Do not submit confidential, personal, regulated, or proprietary prompts or images unless you are comfortable with Discord and Midjourney processing and potentially retaining them; also check channel visibility, account settings, pricing, and Midjourney terms before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs users to generate images and upload or reference images through Discord and Midjourney, but it does not clearly disclose that prompts, uploaded images, and related metadata are transmitted to and stored by third-party services. This creates a real privacy risk because users may unknowingly submit sensitive or proprietary content to external platforms with different retention, visibility, and policy controls.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal