0d3cb498a3
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Waiting to run
Test and Publish Multi-arch Docker Image / test (push) Waiting to run
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Blocked by required conditions
CI / Shell Format Check (push) Waiting to run
CI / Check Ruby (3.4) (push) Waiting to run
CI / CI Config (push) Waiting to run
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Blocked by required conditions
CI / Build on Node ${{ matrix.node }} (push) Blocked by required conditions
CI / Style Check (push) Waiting to run
CI / Generate Assets (push) Waiting to run
CI / Check Python (3.14) (push) Waiting to run
CI / Check Python (3.9) (push) Waiting to run
CI / Build Docs (push) Waiting to run
CI / Code Scan Action (push) Waiting to run
CI / Site tests (push) Waiting to run
CI / webui tests (push) Waiting to run
CI / Run Integration Tests (push) Waiting to run
CI / Run Smoke Tests (push) Waiting to run
CI / Go Tests (push) Waiting to run
CI / Share Test (push) Waiting to run
CI / Redteam (Production API) (push) Waiting to run
CI / Redteam (Staging API) (push) Waiting to run
CI / GitHub Actions Lint (push) Waiting to run
CI / Check Ruby (3.0) (push) Waiting to run
release-please / release-please (push) Waiting to run
release-please / build (push) Blocked by required conditions
release-please / publish-npm (push) Blocked by required conditions
release-please / publish-npm-backfill (push) Waiting to run
release-please / docker (push) Blocked by required conditions
release-please / publish-code-scan-action (push) Blocked by required conditions
release-please / attest-code-scan-action (push) Blocked by required conditions
Validate Renovate Config / Validate Renovate Configuration (push) Waiting to run
redteam-indirect-web-pwn (Red Team Data Exfiltration via Indirect Web Prompt Injection)
You can run this example with:
npx promptfoo@latest init --example redteam-indirect-web-pwn
cd redteam-indirect-web-pwn
Introduction
This example demonstrates how to test an AI assistant for data exfiltration vulnerabilities using promptfoo's indirect-web-pwn strategy.
The attack works by:
- Creating a web page with hidden prompt injection instructions
- Asking the AI assistant to fetch and summarize the page
- The injected instructions attempt to trick the model into encoding sensitive data into URL query parameters (e.g., markdown images like
)
The custom provider (provider.js) simulates a realistic AI assistant with a web_fetch tool that actually fetches URLs, making it a valid target for this attack.
Setup
- Install dependencies:
npm install
- Set your OpenAI API key:
export OPENAI_API_KEY=your-api-key-here
Running
Run the full red team scan (generates test cases and evaluates) in one command:
npx promptfoo@latest redteam run
View results:
npx promptfoo@latest view
What to Look For
- FAIL results indicate the model attempted to exfiltrate data by embedding values in URL query parameters or markdown images
- PASS results indicate the model refused the injection or did not attempt exfiltration