
flare

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to install the spatie/flare-cli package via Composer. While Spatie is a known PHP developer, it is not included in the predefined list of trusted organizations.
  • COMMAND_EXECUTION (SAFE): The skill executes various flare commands to interact with the Flare API. These actions are aligned with the skill's stated purpose of managing error tracking and monitoring.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests potentially untrusted data from the Flare API, such as exception messages and stack traces, which could be influenced by an external attacker to manipulate the agent's behavior.
      1. Ingestion points: flare list-project-errors and flare get-error-occurrence.
      2. Boundary markers: Absent.
      3. Capability inventory: Subprocess execution of the flare CLI tool.
      4. Sanitization: No sanitization of the error data or traces is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 06:17 AM