Please follow the security policy of the main promptfoo project for reporting vulnerabilities:
https://github.com/promptfoo/promptfoo/blob/main/SECURITY.md
- This repository: issues with the Python pip wrapper (installation, shim behaviour, CI integration)
- promptfoo features and security: report to promptfoo/promptfoo
Do not open public GitHub issues for security vulnerabilities. Follow the responsible disclosure process linked above.