Promptfoo

The skill's files, scripts, and runtime instructions are coherent with its Promptfoo-focused purpose and do not request unrelated credentials or install arbitrary code.

This skill appears to do what it says: help you scaffold, validate, and run Promptfoo configs. Before using it: (1) review any scaffolded promptfooconfig.yaml the script writes (especially if you pass --force) so you don’t accidentally commit secrets or point tests at sensitive APIs; (2) be aware that running promptfoo eval/validate (not included here) will contact model providers and require provider credentials you control—do not store API keys in repo files or generated prompt files; (3) confirm you install the actual Promptfoo CLI from its official source before running commands; and (4) if you plan red-team or live-API tests, avoid targeting internal or production endpoints without appropriate authorization. Overall the package is internally consistent and low-risk, but normal operational caution around provider keys and target endpoints still applies.