Files
wehub-resource-sync 0d3cb498a3
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Waiting to run
Test and Publish Multi-arch Docker Image / test (push) Waiting to run
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Blocked by required conditions
Validate Renovate Config / Validate Renovate Configuration (push) Waiting to run
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

2501 lines
70 KiB
TypeScript

export const PLUGIN_CATEGORIES = [
'Brand',
'Compliance and Legal',
'Dataset',
'Security and Access Control',
'Trust and Safety',
'Custom',
] as const;
export interface CategoryDescription {
category: PluginCategory;
description: string;
}
export const CATEGORY_DESCRIPTIONS: CategoryDescription[] = [
{
category: 'Brand',
description:
'Tests focused on brand protection, including competitor mentions, misinformation, hallucinations, and model behavior that could impact brand reputation.',
},
{
category: 'Compliance and Legal',
description:
'Tests for LLM behavior that may encourage illegal activity, breach contractual commitments, or violate intellectual property rights.',
},
{
category: 'Dataset',
description:
'Pre-compiled collections of test cases from research datasets designed to evaluate model safety, robustness, and alignment.',
},
{
category: 'Security and Access Control',
description:
'Technical security risk tests mapped to OWASP Top 10 for LLMs, APIs, and web applications, covering SQL injection, SSRF, broken access control, and cross-session leaks.',
},
{
category: 'Trust and Safety',
description:
'Tests that attempt to produce illicit, graphic, or inappropriate responses from the LLM.',
},
{
category: 'Custom',
description:
'Configurable tests for specific policies or generating custom probes for your use case.',
},
];
export const humanReadableCategoryList =
PLUGIN_CATEGORIES.slice(0, -1).join(', ') + ', and ' + PLUGIN_CATEGORIES.slice(-1);
export type PluginCategory = (typeof PLUGIN_CATEGORIES)[number];
export interface ApplicationTypes {
agent: boolean;
chat: boolean;
rag: boolean;
}
export type VulnerabilityType =
| 'bias'
| 'criminal'
| 'custom'
| 'ecommerce'
| 'financial'
| 'harmful'
| 'insurance'
| 'medical'
| 'misinformation and misuse'
| 'pharmacy'
| 'privacy'
| 'realestate'
| 'security'
| 'telecom';
export interface Plugin {
applicationTypes: ApplicationTypes;
category: PluginCategory;
description: string;
label: string | null;
link: string;
name: string;
pluginId: string;
vulnerabilityType: VulnerabilityType;
isRemote?: boolean;
}
// Type utility at the top
type AssertArrayIsSorted<T extends readonly { pluginId: string }[]> = T extends readonly [
infer First extends { pluginId: string },
infer Second extends { pluginId: string },
...infer Rest extends { pluginId: string }[],
]
? First['pluginId'] extends `${string}${Second['pluginId']}${string}`
? 'Array is not sorted by pluginId'
: AssertArrayIsSorted<[Second, ...Rest]>
: unknown;
// Define array first, then assert type
export const PLUGINS = [
{
category: 'Security and Access Control',
description: 'Tests whether an agent is vulnerable to memory poisoning attacks',
label: 'security',
link: '/docs/red-team/plugins/memory-poisoning/',
name: 'Memory Poisoning',
pluginId: 'agentic:memory-poisoning',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Attempts to obfuscate malicious content using ASCII smuggling',
label: 'technical',
link: '/docs/red-team/plugins/ascii-smuggling/',
name: 'ASCII Smuggling',
pluginId: 'ascii-smuggling',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Dataset',
description: 'Uses the BeaverTails prompt injection dataset',
label: 'harmful',
link: '/docs/red-team/plugins/beavertails/',
name: 'BeaverTails',
pluginId: 'beavertails',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Security and Access Control',
description: 'Broken Function Level Authorization (BFLA) tests',
label: 'technical',
link: '/docs/red-team/plugins/bfla/',
name: 'Privilege Escalation',
pluginId: 'bfla',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of age bias, stereotypes, and discrimination',
label: 'bias',
link: '/docs/red-team/plugins/bias/',
name: 'Age Bias',
pluginId: 'bias:age',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'bias',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of disability bias, stereotypes, and discrimination',
label: 'bias',
link: '/docs/red-team/plugins/bias/',
name: 'Disability Bias',
pluginId: 'bias:disability',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'bias',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of gender bias, stereotypes, and discrimination',
label: 'bias',
link: '/docs/red-team/plugins/bias/',
name: 'Gender Bias',
pluginId: 'bias:gender',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'bias',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of racial bias, stereotypes, and discrimination',
label: 'bias',
link: '/docs/red-team/plugins/bias/',
name: 'Race Bias',
pluginId: 'bias:race',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'bias',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Broken Object Level Authorization (BOLA) tests',
label: 'technical',
link: '/docs/red-team/plugins/bola/',
name: 'Unauthorized Data Access',
pluginId: 'bola',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Simulates Context Compliance Attacks to test whether an AI system can be tricked into generating restricted content using manipulated chat history.',
label: 'security',
link: '/docs/red-team/plugins/context-compliance-attack/',
name: 'CCA',
pluginId: 'cca',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent persists unsafe behavior by modifying repository automation, hooks, package scripts, or release tasks.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Automation Poisoning',
pluginId: 'coding-agent:automation-poisoning',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests coding agents against every supported coding-agent plugin, including prompt injection, terminal output injection, secret handling, sandbox boundaries, network egress, procfs credentials, delayed CI exfiltration, generated vulnerabilities, automation poisoning, steganographic exfiltration, and verifier sabotage risks.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Full Suite',
pluginId: 'coding-agent:all',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests coding agents against repository prompt injection, terminal output injection, secret environment read, sandbox read escape, and verifier sabotage risks.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Core',
pluginId: 'coding-agent:core',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent plants CI, workflow, hook, or scheduled automation changes that leak data after the immediate run.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Delayed CI Exfiltration',
pluginId: 'coding-agent:delayed-ci-exfil',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent introduces insecure code while satisfying a normal feature or bugfix request.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Generated Vulnerability',
pluginId: 'coding-agent:generated-vulnerability',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent makes unauthorized outbound network requests or bypasses the intended network policy.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Network Egress Bypass',
pluginId: 'coding-agent:network-egress-bypass',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent reads process metadata, inherited environment, file descriptors, or runtime credentials through procfs-like surfaces.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Procfs Credential Read',
pluginId: 'coding-agent:procfs-credential-read',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent follows prompt-injected instructions hidden in untrusted repository content.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Repo Prompt Injection',
pluginId: 'coding-agent:repo-prompt-injection',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent reads canaries outside the intended workspace or sandbox boundary.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Sandbox Read Escape',
pluginId: 'coding-agent:sandbox-read-escape',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent mutates files outside the intended workspace or sandbox boundary.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Sandbox Write Escape',
pluginId: 'coding-agent:sandbox-write-escape',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent reads or reveals launcher-only secrets from its environment.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Secret Env Read',
pluginId: 'coding-agent:secret-env-read',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent reads or reveals protected local files outside the task boundary.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Secret File Read',
pluginId: 'coding-agent:secret-file-read',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent hides sensitive data in encoded, transformed, or low-visibility outputs and artifacts.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Steganographic Exfiltration',
pluginId: 'coding-agent:steganographic-exfil',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent treats untrusted terminal output as instructions or propagates terminal-only receipts.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Terminal Output Injection',
pluginId: 'coding-agent:terminal-output-injection',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether a coding agent weakens protected tests, verifier scripts, snapshots, policies, or lockfiles instead of fixing the requested code.',
label: 'security',
link: '/docs/red-team/plugins/coding-agent/',
name: 'Coding Agent Verifier Sabotage',
pluginId: 'coding-agent:verifier-sabotage',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Brand',
description: 'Competitor mentions and endorsements',
label: 'technical',
link: '/docs/red-team/plugins/competitors/',
name: 'Competitor Endorsement',
pluginId: 'competitors',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Enters business or legal commitments without supervision',
label: 'brand',
link: '/docs/red-team/plugins/contracts/',
name: 'Unsupervised Contracts',
pluginId: 'contracts',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Compliance and Legal',
description: "Tests compliance with children's privacy regulations (COPPA)",
label: 'compliance',
link: '/docs/red-team/plugins/coppa/',
name: 'COPPA',
pluginId: 'coppa',
isRemote: true,
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'privacy',
},
{
category: 'Security and Access Control',
description: 'Checks for information sharing between unrelated sessions',
label: 'technical',
link: '/docs/red-team/plugins/cross-session-leak/',
name: 'Cross-Session Leak',
pluginId: 'cross-session-leak',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Dataset',
description: 'Tests prompt injection attacks using the CyberSecEval dataset',
label: 'technical',
link: '/docs/red-team/plugins/cyberseceval/',
name: 'CyberSecEval',
pluginId: 'cyberseceval',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Dataset',
description: 'Tests prompt injection attacks using the Harmbench dataset',
label: 'technical',
link: '/docs/red-team/plugins/harmbench/',
name: 'Harmbench',
pluginId: 'harmbench',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Dataset',
description: 'Evaluates model safety responses using the NVIDIA Aegis dataset',
label: 'harmful',
link: '/docs/red-team/plugins/aegis/',
name: 'Aegis',
pluginId: 'aegis',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Security and Access Control',
description:
'Tests if an AI agent can be manipulated to exfiltrate sensitive data via indirect prompt injection in web content',
label: 'technical',
link: '/docs/red-team/plugins/data-exfil/',
name: 'Data Exfiltration',
pluginId: 'data-exfil',
applicationTypes: {
rag: false,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Attempts to access or use debugging commands',
label: 'technical',
link: '/docs/red-team/plugins/debug-access/',
name: 'Debug Access',
pluginId: 'debug-access',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
},
{
category: 'Security and Access Control',
description:
'Tests whether an AI system can be manipulated into revealing its training data through repetitive pattern exploitation.',
label: 'security',
link: '/docs/red-team/plugins/divergent-repetition/',
name: 'Divergent Repetition',
pluginId: 'divergent-repetition',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Dataset',
description: 'Tests how well LLMs handle harmful queries using the DoNotAnswer dataset',
label: 'technical',
link: '/docs/red-team/plugins/donotanswer/',
name: 'DoNotAnswer',
pluginId: 'donotanswer',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Compliance and Legal',
description:
'Tests for bypassing age, geographic, and regulatory restrictions on e-commerce products',
label: 'compliance',
link: '/docs/red-team/plugins/ecommerce/',
name: 'E-commerce Compliance Bypass',
pluginId: 'ecommerce:compliance-bypass',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'ecommerce',
},
{
category: 'Security and Access Control',
description: 'Tests for order fraud, transaction manipulation, and return/refund policy abuse',
label: 'security',
link: '/docs/red-team/plugins/ecommerce/',
name: 'E-commerce Order Fraud',
pluginId: 'ecommerce:order-fraud',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'ecommerce',
},
{
category: 'Compliance and Legal',
description: 'Tests for PCI DSS violations and payment card data exposure',
label: 'compliance',
link: '/docs/red-team/plugins/ecommerce/',
name: 'E-commerce PCI DSS',
pluginId: 'ecommerce:pci-dss',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'ecommerce',
},
{
category: 'Security and Access Control',
description:
'Tests for unauthorized pricing changes, discount abuse, and promotional policy violations',
label: 'security',
link: '/docs/red-team/plugins/ecommerce/',
name: 'E-commerce Price Manipulation',
pluginId: 'ecommerce:price-manipulation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'ecommerce',
},
{
category: 'Brand',
description: 'Model taking excessive initiative or misunderstanding its capabilities',
label: 'brand',
link: '/docs/red-team/plugins/excessive-agency/',
name: 'Excessive Agency',
pluginId: 'excessive-agency',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Compliance and Legal',
description: 'Tests compliance with student educational privacy regulations (FERPA)',
label: 'compliance',
link: '/docs/red-team/plugins/ferpa/',
name: 'FERPA',
pluginId: 'ferpa',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'privacy',
},
{
category: 'Compliance and Legal',
description:
'Tests for errors in financial calculations, risk assessments, or quantitative analysis',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-calculation-error',
name: 'Financial Calculation Error',
pluginId: 'financial:calculation-error',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for suggestions that violate securities laws, enable insider trading, or circumvent regulations',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-compliance-violation',
name: 'Financial Compliance Violation',
pluginId: 'financial:compliance-violation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests for inappropriate disclosure of MNPI, proprietary strategies, or confidential financial data',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-confidential-disclosure',
name: 'Financial Confidential Disclosure',
pluginId: 'financial:confidential-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Brand',
description: 'Tests for false financial narratives or misleading market information',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-counterfactual',
name: 'Financial Counterfactual Narrative',
pluginId: 'financial:counterfactual',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests for exposure of proprietary trading strategies or confidential financial data',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-data-leakage',
name: 'Financial Data Leakage',
pluginId: 'financial:data-leakage',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Brand',
description: 'Tests for false statements damaging financial entity reputations',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-defamation',
name: 'Financial Defamation',
pluginId: 'financial:defamation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Brand',
description:
'Tests for fabricated market data, non-existent financial instruments, or fictional company information',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-hallucination',
name: 'Financial Hallucination',
pluginId: 'financial:hallucination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Tests for unauthorized financial advice or transaction facilitation',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-impartiality',
name: 'Financial Services Impartiality',
pluginId: 'financial:impartiality',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
"Tests for unsuitable financial product recommendations or downplaying of risks under Japan's FIEA",
label: 'technical',
link: '/docs/red-team/plugins/financial/#japan-fiea-suitability',
name: 'Japan FIEA Suitability',
pluginId: 'financial:japan-fiea-suitability',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Tests for facilitation of financial crimes or market manipulation',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-misconduct',
name: 'Financial Services Misconduct',
pluginId: 'financial:misconduct',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for suggestions that violate Sarbanes-Oxley requirements including internal controls, financial reporting, and audit integrity',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-sox-compliance',
name: 'Financial SOX Compliance',
pluginId: 'financial:sox-compliance',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Brand',
description:
'Tests for agreeing with risky investment strategies or validating get-rich-quick schemes',
label: 'technical',
link: '/docs/red-team/plugins/financial/#financial-sycophancy',
name: 'Financial Sycophancy',
pluginId: 'financial:sycophancy',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'financial',
isRemote: true,
},
{
category: 'Brand',
description:
"Tests whether AI systems recognize when optimizing measurable proxy metrics might not align with true underlying objectives (Goodhart's Law)",
label: 'brand',
link: '/docs/red-team/plugins/goal-misalignment/',
name: 'Goal Misalignment',
pluginId: 'goal-misalignment',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Brand',
description: 'Model generating false or misleading information',
label: 'brand',
link: '/docs/red-team/plugins/hallucination/',
name: 'Hallucination',
pluginId: 'hallucination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Compliance and Legal',
description: 'Content related to chemical or biological weapons',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Chemical & Biological Weapons',
pluginId: 'harmful:chemical-biological-weapons',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content exploiting or harming children',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Child Exploitation',
pluginId: 'harmful:child-exploitation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content violating copyright laws',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Copyright Violations',
pluginId: 'harmful:copyright-violations',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to cybercriminal activities',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Cybercrime',
pluginId: 'harmful:cybercrime',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Tests creation of malicious code',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Malicious Code',
pluginId: 'harmful:cybercrime:malicious-code',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Trust and Safety',
description: 'Displaying graphic or violent content',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Graphic Content',
pluginId: 'harmful:graphic-content',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content that harasses or bullies individuals',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Harassment and Bullying',
pluginId: 'harmful:harassment-bullying',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content that promotes hate or discrimination',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Hate Speech',
pluginId: 'harmful:hate',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content promoting illegal activities',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Illegal Activities',
pluginId: 'harmful:illegal-activities',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to illegal drug use or trade',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Illegal Drugs',
pluginId: 'harmful:illegal-drugs',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of methamphetamine-related content',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Methamphetamine',
pluginId: 'harmful:illegal-drugs:meth',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to weapons without context',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Indiscriminate Weapons',
pluginId: 'harmful:indiscriminate-weapons',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content that insults or demeans individuals',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Insults',
pluginId: 'harmful:insults',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content violating intellectual property rights',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Intellectual Property Violation',
pluginId: 'harmful:intellectual-property',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Brand',
description: 'Spreading false or misleading information',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Misinformation and Disinformation',
pluginId: 'harmful:misinformation-disinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to non-violent criminal activities',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Non-Violent Crime',
pluginId: 'harmful:non-violent-crime',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Content violating privacy rights',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Privacy Violation',
pluginId: 'harmful:privacy',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'privacy',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content containing profane or inappropriate language',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Profanity',
pluginId: 'harmful:profanity',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content that promotes radical or extremist views',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Radicalization',
pluginId: 'harmful:radicalization',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Content that encourages self-harm or suicide',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Self Harm',
pluginId: 'harmful:self-harm',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to sexual crimes',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Sex Crimes',
pluginId: 'harmful:sex-crime',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Explicit or inappropriate sexual content',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Sexual Content',
pluginId: 'harmful:sexual-content',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Providing advice in specialized fields without expertise',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Specialized Advice',
pluginId: 'harmful:specialized-advice',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content promoting unsafe or harmful practices',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Unsafe Practices',
pluginId: 'harmful:unsafe-practices',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Content related to violent criminal activities',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'Violent Crime',
pluginId: 'harmful:violent-crime',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'criminal',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of Improvised Explosive Devices',
label: 'harmful',
link: '/docs/red-team/plugins/harmful/',
name: 'IED',
pluginId: 'harmful:weapons:ied',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Unauthorized or off-topic resource use',
label: 'technical',
link: '/docs/red-team/plugins/hijacking/',
name: 'Hijacking',
pluginId: 'hijacking',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Brand',
description: 'Imitates people, brands, or organizations',
label: 'brand',
link: '/docs/red-team/plugins/imitation/',
name: 'Imitation',
pluginId: 'imitation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Security and Access Control',
description:
'Tests if the prompt is vulnerable to instructions injected into variables in the prompt',
label: 'technical',
link: '/docs/red-team/plugins/indirect-prompt-injection/',
name: 'Indirect Prompt Injection',
pluginId: 'indirect-prompt-injection',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Custom',
description: 'Probes the model with specific inputs',
label: 'technical',
link: '/docs/red-team/plugins/intent/',
name: 'Custom Prompts',
pluginId: 'intent',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'custom',
},
{
category: 'Security and Access Control',
description: 'Tests for vulnerabilities to Model Context Protocol (MCP) attacks',
label: 'technical',
link: '/docs/red-team/plugins/mcp/',
name: 'Model Context Protocol',
pluginId: 'mcp',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for medical anchoring bias where AI fixates on irrelevant information',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-anchoring-bias',
name: 'Medical Anchoring Bias',
pluginId: 'medical:anchoring-bias',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description:
'Tests whether medical AI systems conceal intended-use boundaries, low-confidence outputs, subgroup limitations, data drift, or silent model-version updates',
label: 'technical',
link: '/docs/red-team/plugins/medical/#fda-ai-disclosure',
name: 'FDA AI Disclosure',
pluginId: 'medical:fda:ai-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether medical-device AI systems enforce authenticated, role-scoped, deny-by-default access before privileged commands, maintenance actions, or therapy changes',
label: 'technical',
link: '/docs/red-team/plugins/medical/#fda-cyber-access-control',
name: 'FDA Cyber Access Control',
pluginId: 'medical:fda:cyber-access-control',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether medical-device AI systems help suppress anomaly alerts, rewrite audit trails, hide SBOM/version evidence, or disable forensic logging',
label: 'technical',
link: '/docs/red-team/plugins/medical/#fda-cyber-audit-tampering',
name: 'FDA Cyber Audit Tampering',
pluginId: 'medical:fda:cyber-audit-tampering',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for fabricated medical facts, studies, or drug interactions',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-hallucination',
name: 'Medical Hallucination',
pluginId: 'medical:hallucination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for factually wrong medical information that could cause harm',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-incorrect-knowledge',
name: 'Medical Incorrect Knowledge',
pluginId: 'medical:incorrect-knowledge',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description:
'Tests for inappropriate off-label medication recommendations without proper disclaimers',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-off-label-use',
name: 'Medical Off-Label Use',
pluginId: 'medical:off-label-use',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for poor medical prioritization and triage decisions',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-prioritization-error',
name: 'Medical Prioritization Error',
pluginId: 'medical:prioritization-error',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for agreeing with incorrect medical assumptions to be helpful',
label: 'technical',
link: '/docs/red-team/plugins/medical/#medical-sycophancy',
name: 'Medical Sycophancy',
pluginId: 'medical:sycophancy',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'medical',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests adherence to DEA regulations for controlled substance prescribing, dispensing, and monitoring',
label: 'technical',
link: '/docs/red-team/plugins/pharmacy/#controlled-substance-compliance',
name: 'Controlled Substance Compliance',
pluginId: 'pharmacy:controlled-substance-compliance',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'pharmacy',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests accuracy of pharmaceutical dosage calculations including weight-based dosing and renal adjustments',
label: 'technical',
link: '/docs/red-team/plugins/pharmacy/#dosage-calculation',
name: 'Dosage Calculation',
pluginId: 'pharmacy:dosage-calculation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'pharmacy',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests identification of dangerous drug-drug, drug-food, and drug-supplement interactions',
label: 'technical',
link: '/docs/red-team/plugins/pharmacy/#drug-interaction-detection',
name: 'Drug Interaction Detection',
pluginId: 'pharmacy:drug-interaction',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'pharmacy',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for discriminatory coverage decisions based on protected characteristics violating ADA, Section 1557, and GINA',
label: 'technical',
link: '/docs/red-team/plugins/insurance/#coverage-discrimination',
name: 'Coverage Discrimination',
pluginId: 'insurance:coverage-discrimination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'insurance',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether AI systems properly protect non-health policyholder data under GLBA, FCRA, DPPA, and state insurance privacy laws',
label: 'technical',
link: '/docs/red-team/plugins/insurance/#data-disclosure',
name: 'Data Disclosure',
pluginId: 'insurance:data-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'insurance',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests accuracy of provider network information to prevent surprise medical bills and balance billing',
label: 'technical',
link: '/docs/red-team/plugins/insurance/#network-misinformation',
name: 'Network Misinformation',
pluginId: 'insurance:network-misinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'insurance',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether AI systems properly protect Protected Health Information (PHI) and satisfy health data privacy requirements',
label: 'technical',
link: '/docs/red-team/plugins/insurance/#phi-disclosure',
name: 'PHI Disclosure',
pluginId: 'insurance:phi-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'insurance',
isRemote: true,
},
{
category: 'Brand',
description:
'Tests whether AI systems can be manipulated to go off-topic from their intended purpose',
label: 'technical',
link: '/docs/red-team/plugins/off-topic/',
name: 'Off-Topic Manipulation',
pluginId: 'off-topic',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Brand',
description: 'Model susceptible to relying on an incorrect user assumption or input',
label: 'technical',
link: '/docs/red-team/plugins/overreliance/',
name: 'Overreliance',
pluginId: 'overreliance',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Security and Access Control',
description: 'PII exposed through API or database',
label: 'pii',
link: '/docs/red-team/plugins/pii/',
name: 'PII in API/Database',
pluginId: 'pii:api-db',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'privacy',
},
{
category: 'Security and Access Control',
description: 'Direct exposure of PII',
label: 'pii',
link: '/docs/red-team/plugins/pii/',
name: 'Direct PII Exposure',
pluginId: 'pii:direct',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'privacy',
},
{
category: 'Security and Access Control',
description: 'PII exposed in session data',
label: 'pii',
link: '/docs/red-team/plugins/pii/',
name: 'PII in Session Data',
pluginId: 'pii:session',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'privacy',
},
{
category: 'Security and Access Control',
description: 'PII exposed through social engineering',
label: 'pii',
link: '/docs/red-team/plugins/pii/',
name: 'PII via Social Engineering',
pluginId: 'pii:social',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'privacy',
},
{
category: 'Dataset',
description:
'Tests LLM systems using a curated collection of prompts from https://github.com/elder-plinius/L1B3RT4S',
label: 'technical',
link: '/docs/red-team/plugins/pliny/',
name: 'Pliny',
pluginId: 'pliny',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Custom',
description: 'Generates adversarial probes to test a custom configured policy',
label: 'technical',
link: '/docs/red-team/plugins/policy/',
name: 'Custom Policy',
pluginId: 'policy',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'custom',
},
{
category: 'Brand',
description: 'Makes political statements',
label: 'brand',
link: '/docs/red-team/plugins/politics/',
name: 'Political Opinions',
pluginId: 'politics',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Security and Access Control',
description: 'Attempts to get the model to reveal its system prompt',
label: 'technical',
link: '/docs/red-team/plugins/prompt-extraction/',
name: 'Prompt Extraction',
pluginId: 'prompt-extraction',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
{
category: 'Compliance and Legal',
description: 'Content related to RAG Document Exfiltration',
label: 'technical',
link: '/docs/red-team/plugins/rag-document-exfiltration',
name: 'RAG Document Exfiltration',
pluginId: 'rag-document-exfiltration',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Tests resistance against poisoning attacks on RAG retrieval systems',
label: 'technical',
link: '/docs/red-team/plugins/rag-poisoning/',
name: 'RAG Poisoning',
pluginId: 'rag-poisoning',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
"Tests whether RAG systems fabricate document citations, policy references, or source attributions that don't exist in the knowledge base",
label: 'technical',
link: '/docs/red-team/plugins/rag-source-attribution/',
name: 'RAG Source Attribution',
pluginId: 'rag-source-attribution',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Tests whether the model properly implements Role-Based Access Control (RBAC)',
label: 'technical',
link: '/docs/red-team/plugins/rbac/',
name: 'RBAC Enforcement',
pluginId: 'rbac',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
},
{
category: 'Security and Access Control',
description:
'Tests for vulnerability to computational resource exhaustion through excessive reasoning patterns. Applicable to reasoning models.',
label: 'security',
link: '/docs/red-team/plugins/reasoning-dos/',
name: 'Reasoning DoS',
pluginId: 'reasoning-dos',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for violations of Fair Housing Act disability protections and ADA requirements in housing',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#accessibility-discrimination',
name: 'Accessibility Discrimination',
pluginId: 'realestate:accessibility-discrimination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for Fair Housing Act violations in housing advertisements including discriminatory targeting',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#advertising-discrimination',
name: 'Advertising Discrimination',
pluginId: 'realestate:advertising-discrimination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests whether AI systems generate or assist with discriminatory property listings violating FHA',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#discriminatory-listings',
name: 'Discriminatory Listings',
pluginId: 'realestate:discriminatory-listings',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests whether AI systems treat protected classes differently or make discriminatory housing recommendations',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#fair-housing-discrimination',
name: 'Fair Housing Discrimination',
pluginId: 'realestate:fair-housing-discrimination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for ECOA and Fair Housing Act violations in mortgage lending including redlining',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#lending-discrimination',
name: 'Lending Discrimination',
pluginId: 'realestate:lending-discrimination',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for discrimination based on lawful income sources including Section 8 vouchers',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#source-of-income-discrimination',
name: 'Source of Income Discrimination',
pluginId: 'realestate:source-of-income',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for illegal steering practices directing buyers based on protected class characteristics',
label: 'compliance',
link: '/docs/red-team/plugins/realestate/#steering',
name: 'Steering',
pluginId: 'realestate:steering',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests for algorithmic bias in property appraisals and automated valuation models',
label: 'bias',
link: '/docs/red-team/plugins/realestate/#valuation-bias',
name: 'Valuation Bias',
pluginId: 'realestate:valuation-bias',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'realestate',
isRemote: true,
},
{
category: 'Trust and Safety',
description: 'Tests handling of religious content and bias',
label: 'brand',
link: '/docs/red-team/plugins/religion/',
name: 'Religious Sensitivity',
pluginId: 'religion',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Attempts to execute shell commands through the model',
label: 'technical',
link: '/docs/red-team/plugins/shell-injection/',
name: 'Shell Injection',
pluginId: 'shell-injection',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
},
{
category: 'Security and Access Control',
description:
'Tests for special token injection vulnerabilities using conversation format delimiters',
label: 'technical',
link: '/docs/red-team/plugins/special-token-injection/',
name: 'Special Token Injection',
pluginId: 'special-token-injection',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Attempts to perform SQL injection attacks to manipulate database queries',
label: 'technical',
link: '/docs/red-team/plugins/sql-injection/',
name: 'SQL Injection',
pluginId: 'sql-injection',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
},
{
category: 'Security and Access Control',
description: 'Server-Side Request Forgery (SSRF) tests',
label: 'technical',
link: '/docs/red-team/plugins/ssrf/',
name: 'Malicious Resource Fetching',
pluginId: 'ssrf',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests if an AI system can be manipulated to ignore or override its original system prompt',
label: 'security',
link: '/docs/red-team/plugins/system-prompt-override',
name: 'System Prompt Override',
pluginId: 'system-prompt-override',
applicationTypes: {
rag: true,
agent: true,
chat: false,
},
vulnerabilityType: 'security',
isRemote: true,
},
{
category: 'Trust and Safety',
description:
'Tests for encouragement, sourcing, or circumvention tactics that help minors access age-restricted goods or services such as alcohol, vaping, gambling, weapons, or adult-only venues',
label: 'harmful',
link: '/docs/red-team/plugins/teen-safety/#age-restricted-goods-and-services',
name: 'Age-Restricted Goods & Services',
pluginId: 'teen-safety:age-restricted-goods-and-services',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Trust and Safety',
description:
'Tests for promotion, glorification, or facilitation of dangerous challenges, unsafe stunts, risky experimentation, and dangerous at-home procedures inappropriate for teens',
label: 'harmful',
link: '/docs/red-team/plugins/teen-safety/#dangerous-content',
name: 'Dangerous Activities & Challenges',
pluginId: 'teen-safety:dangerous-content',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Trust and Safety',
description:
'Tests for interactive roleplay involving minors that simulates romantic, sexual, or violent scenarios that could normalize exploitation or harm',
label: 'harmful',
link: '/docs/red-team/plugins/teen-safety/#dangerous-roleplay',
name: 'Dangerous Roleplay',
pluginId: 'teen-safety:dangerous-roleplay',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Trust and Safety',
description:
'Tests for harmful body-ideal promotion, body shaming, and facilitation of unsafe restriction, purging, over-exercise, or concealment behaviors that can harm teens',
label: 'harmful',
link: '/docs/red-team/plugins/teen-safety/#harmful-body-ideals',
name: 'Harmful Body Ideals',
pluginId: 'teen-safety:harmful-body-ideals',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Compliance and Legal',
description:
'Tests compliance with accessibility requirements under Section 255, ADA, and CVAA',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#accessibility-violation',
name: 'Accessibility Violation',
pluginId: 'telecom:accessibility-violation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests vulnerability to SIM swap attacks, authentication bypass, and account hijacking',
label: 'security',
link: '/docs/red-team/plugins/telecom/#account-takeover-prevention',
name: 'Account Takeover',
pluginId: 'telecom:account-takeover',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests accuracy of billing information and fee disclosure per FCC Truth-in-Billing',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#billing-misinformation',
name: 'Billing Misinformation',
pluginId: 'telecom:billing-misinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests accuracy of network coverage claims, 5G availability, and roaming information',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#coverage-misinformation',
name: 'Coverage Misinformation',
pluginId: 'telecom:coverage-misinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests protection of Customer Proprietary Network Information (CPNI) per FCC 47 U.S.C. Section 222',
label: 'security',
link: '/docs/red-team/plugins/telecom/#cpni-disclosure',
name: 'CPNI Disclosure',
pluginId: 'telecom:cpni-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Trust and Safety',
description:
'Tests accuracy of E911 information including location accuracy and VoIP limitations',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#e911-misinformation',
name: 'E911 Misinformation',
pluginId: 'telecom:e911-misinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Security and Access Control',
description:
'Tests whether AI can be manipulated to assist with telecom-specific fraud schemes',
label: 'security',
link: '/docs/red-team/plugins/telecom/#fraud-enablement',
name: 'Fraud Enablement',
pluginId: 'telecom:fraud-enablement',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests proper handling of law enforcement data requests per CALEA, ECPA, and privacy law requirements',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#law-enforcement-request-handling',
name: 'Law Enforcement Request Handling',
pluginId: 'telecom:law-enforcement-request-handling',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Security and Access Control',
description: 'Tests protection of customer location data from cell tower or GPS information',
label: 'security',
link: '/docs/red-team/plugins/telecom/#location-data-disclosure',
name: 'Location Data Disclosure',
pluginId: 'telecom:location-disclosure',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests accuracy of number portability information and protection against unauthorized port-outs',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#porting-misinformation',
name: 'Porting Misinformation',
pluginId: 'telecom:porting-misinformation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description: 'Tests compliance with TCPA including consent requirements and Do Not Call list',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#tcpa-violation',
name: 'TCPA Violation',
pluginId: 'telecom:tcpa-violation',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
category: 'Compliance and Legal',
description:
'Tests for slamming (unauthorized carrier switches) and cramming (unauthorized charges) vulnerabilities',
label: 'compliance',
link: '/docs/red-team/plugins/telecom/#unauthorized-changes-slammingcramming',
name: 'Unauthorized Changes (Slamming/Cramming)',
pluginId: 'telecom:unauthorized-changes',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'telecom',
isRemote: true,
},
{
applicationTypes: {
agent: true,
chat: true,
rag: true,
},
category: 'Security and Access Control',
description:
'Tests whether an AI system can be tricked into revealing its underlying model identity, version, or creator',
label: 'technical',
link: '/docs/red-team/plugins/model-identification/',
name: 'Model Identification',
pluginId: 'model-identification',
isRemote: true,
vulnerabilityType: 'security',
},
{
applicationTypes: {
agent: true,
chat: true,
rag: true,
},
category: 'Security and Access Control',
description:
'Tests if an AI system reveals the list of tools, functions, or API calls it has access to',
label: 'technical',
link: '/docs/red-team/plugins/tool-discovery/',
name: 'Tool Discovery',
pluginId: 'tool-discovery',
vulnerabilityType: 'security',
},
{
category: 'Dataset',
description: 'Tests handling of toxic user prompts from the ToxicChat dataset',
label: 'harmful',
link: '/docs/red-team/plugins/toxic-chat/',
name: 'ToxicChat',
pluginId: 'toxic-chat',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Brand',
description: 'Tests whether AI systems make claims that cannot be verified even in principle',
label: 'brand',
link: '/docs/red-team/plugins/unverifiable-claims/',
name: 'Unverifiable Claims',
pluginId: 'unverifiable-claims',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'misinformation and misuse',
},
{
category: 'Dataset',
description: 'Tests handling of unsafe image content through multi-modal model evaluation',
label: 'harmful',
link: '/docs/red-team/plugins/unsafebench/',
name: 'UnsafeBench',
pluginId: 'unsafebench',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Dataset',
description: 'Tests handling of potentially unsafe image content using the VLGuard dataset',
label: 'harmful',
link: '/docs/red-team/plugins/vlguard/',
name: 'VLGuard',
pluginId: 'vlguard',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Dataset',
description:
'Tests compositional safety where individually safe images and text combine to produce harmful outputs',
label: 'harmful',
link: '/docs/red-team/plugins/vlsu/',
name: 'VLSU',
pluginId: 'vlsu',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
},
{
category: 'Trust and Safety',
description:
'Tests whether AI systems can be tricked into generating profanity through innocent-seeming wordplay',
label: 'harmful',
link: '/docs/red-team/plugins/wordplay/',
name: 'Wordplay',
pluginId: 'wordplay',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'harmful',
isRemote: true,
},
{
category: 'Dataset',
description:
'Tests how well LLMs handle ambiguous words (homonyms) that can have both harmful and benign interpretations',
label: 'technical',
link: '/docs/red-team/plugins/xstest/',
name: 'XSTest',
pluginId: 'xstest',
applicationTypes: {
rag: true,
agent: true,
chat: true,
},
vulnerabilityType: 'security',
},
] as const as readonly Plugin[];
// Compile-time check
type _CheckSort = typeof PLUGINS extends AssertArrayIsSorted<typeof PLUGINS> ? true : false;
// Runtime check in development
if (process.env.NODE_ENV === 'development') {
const sorted = [...PLUGINS].sort((a, b) => a.pluginId.localeCompare(b.pluginId));
for (let i = 0; i < PLUGINS.length; i++) {
if (PLUGINS[i].pluginId !== sorted[i].pluginId) {
console.error(
`PLUGINS array is not sorted correctly at index ${i}. Expected "${sorted[i].pluginId}" but found "${PLUGINS[i].pluginId}"`,
);
}
}
}