Research
Promptfoo (github.com/promptfoo/promptfoo) is an open-source CLI for automated agent red-teaming with 50+ vulnerability types: prompt injection, jailbreaks, tool misuse, authorization bypass. YAML config, CI/CD integration. 127 Fortune 500 users.
Works as a black-box tester — can target Zeph's daemon HTTP endpoint (/a2a) and ACP HTTP+SSE transport without any Rust SDK.
Proposal
- Create Promptfoo test config (YAML) targeting daemon
/a2a endpoint
- Define red-team scenarios: prompt injection via tool outputs, tool misuse escalation, sandbox bypass attempts, memory poisoning
- Add to CI as optional security gate (non-blocking initially)
Sources
Research
Promptfoo (github.com/promptfoo/promptfoo) is an open-source CLI for automated agent red-teaming with 50+ vulnerability types: prompt injection, jailbreaks, tool misuse, authorization bypass. YAML config, CI/CD integration. 127 Fortune 500 users.
Works as a black-box tester — can target Zeph's daemon HTTP endpoint (
/a2a) and ACP HTTP+SSE transport without any Rust SDK.Proposal
/a2aendpointSources