Although it is very difficult, almost impossible in some cases, to deduce who is sending a transaction to who in a coinjoin transaction, CoinJoins are so big and clustered that they are easy for anybody to see that there is a coinjoin happening on a block explorer.

These blockchain analysis companies see a list of successive coinjoin transactions done from several addresses, and usually incorrectly deduce that since CoinJoin services (or mixers) made these transactions, they must be inherently bad. Thus explaining the high risk score you always see when you check an address that's received funds from Wasabi/Samourai/mixers.