Implementation:Promptfoo Promptfoo Plugins Registry

Knowledge Sources	Promptfoo Red Team Plugins
Domains	Security_Testing, Plugin_Architecture
Last Updated	2026-02-14 08:00 GMT

Overview

Concrete registry of plugin factories that map vulnerability type IDs to test case generators, provided by the Promptfoo red team framework.

Description

The Plugins array is the exported registry of all available red team plugins. Each entry is a PluginFactory with a key (e.g., `'prompt-injection'`, `'pii'`, `'harmful'`), optional config validator, and an action function that generates adversarial test cases.

The abstract RedteamPluginBase class provides the foundation for most plugins, handling LLM-based test generation, deduplication, and retry logic.

Usage

Reference this registry when looking up available plugins or when extending the framework with custom vulnerability types.

Code Reference

Source Location

Repository: promptfoo
File: src/redteam/plugins/index.ts
Lines: L403-408 (Plugins registry)
File: src/redteam/plugins/base.ts
Lines: L33-296 (RedteamPluginBase class)

Signature

// Plugin registry
export const Plugins: PluginFactory[] = [/* 50+ plugin entries */];

// Each PluginFactory has:
interface PluginFactory {
  key: string;
  validate?: (config: any) => void;
  action: (params: PluginActionParams) => Promise<TestCase[]>;
}

// Base class for LLM-powered plugins
abstract class RedteamPluginBase {
  constructor(
    provider: ApiProvider,
    purpose: string,
    injectVar: string,
    config?: PluginConfig,
  );
  abstract getTemplate(): string;
  async generateTests(n: number, delayMs?: number): Promise<TestCase[]>;
}

Import

import { Plugins } from './redteam/plugins';
import { RedteamPluginBase } from './redteam/plugins/base';

I/O Contract

Inputs

Name	Type	Required	Description
PluginActionParams.provider	ApiProvider	Yes	LLM provider for test generation
PluginActionParams.purpose	string	Yes	Extracted system purpose for realistic attacks
PluginActionParams.injectVar	string	Yes	Variable name to inject adversarial content into
PluginActionParams.n	number	Yes	Number of test cases to generate

Outputs

Name	Type	Description
(return)	TestCase[]	Array of adversarial test cases targeting the plugin's vulnerability type

Usage Examples

Look Up a Plugin

import { Plugins } from './redteam/plugins';

const injectionPlugin = Plugins.find(p => p.key === 'prompt-injection');
if (injectionPlugin) {
  const tests = await injectionPlugin.action({
    provider: myProvider,
    purpose: 'A customer support chatbot',
    injectVar: 'query',
    n: 5,
  });
  console.log(`Generated ${tests.length} prompt injection tests`);
}

Related Pages

Implements Principle

Principle:Promptfoo_Promptfoo_Plugin_Selection

Page Connections

Double-click a node to navigate. Hold to expand connections.

Principle

Implementation

Heuristic

Environment