---
title: "chatgpt-plugin-eval"
type: "tool"
slug: "llm-platform-security-chatgpt-plugin-eval"
canonical_url: "https://www.graphcanon.com/tools/llm-platform-security-chatgpt-plugin-eval"
github_url: "https://github.com/llm-platform-security/chatgpt-plugin-eval"
homepage_url: "https://llm-platform-security.github.io/chatgpt-plugin-eval/"
stars: 29
forks: 7
primary_language: "HTML"
license: null
archived: false
categories: ["llm-frameworks", "evaluation-observability", "inference-serving"]
tags: ["llm", "llm-privacy", "llm-platform", "chatgpt-plugins", "llm-platform-security", "chatgpt", "openai", "llm-security"]
updated_at: "2026-07-11T23:42:04.973516+00:00"
---

# chatgpt-plugin-eval

> LLM Platform Security: Applying a Systematic Evaluation Framework to OpenAI's ChatGPT Plugins

LLM Platform Security: Applying a Systematic Evaluation Framework to OpenAI's ChatGPT Plugins

## Facts

- Repository: https://github.com/llm-platform-security/chatgpt-plugin-eval
- Homepage: https://llm-platform-security.github.io/chatgpt-plugin-eval/
- Stars: 29 · Forks: 7 · Open issues: 1 · Watchers: 2
- Primary language: HTML
- Last pushed: 2024-07-29T23:26:59+00:00

## Trust & health

_Signals computed from public GitHub metadata. Not a security guarantee._

- Maintenance: Dormant (computed 2026-07-11T23:42:02.333Z)
- Security scan: No lockfile (0 critical, 0 high, 0 medium, 0 low) · last scan 2026-07-11T23:42:02.840Z
- Full report: [trust report](/tools/llm-platform-security-chatgpt-plugin-eval/trust.md) · [JSON](https://www.graphcanon.com/api/graphcanon/tools/llm-platform-security-chatgpt-plugin-eval/trust)

## Categories

- [LLM Frameworks](/categories/llm-frameworks.md)
- [Evaluation & Observability](/categories/evaluation-observability.md)
- [Inference & Serving](/categories/inference-serving.md)

## Tags

llm, llm-privacy, llm-platform, chatgpt-plugins, llm-platform-security, chatgpt, openai, llm-security

## Category neighbours (exploratory)

_Same-category tools for discovery only - not curated alternatives. Cap shown at six._

- [awesome](/tools/sindresorhus-awesome.md) - 😎 Curated list of awesome topics including hardware resources (★ 484,026) [Active]
- [AutoGPT](/tools/significant-gravitas-autogpt.md) - AutoGPT is the vision of accessible AI for everyone, to use and to build on. (★ 185,464) [Very active]
- [ollama](/tools/ollama-ollama.md) - Get up and running with various large language models using Ollama. (★ 175,936) [Very active]
- [prompts.chat](/tools/f-prompts-chat.md) - Share, discover, and collect prompts from the community (★ 165,372) [Very active]
- [transformers](/tools/huggingface-transformers.md) - Transformers: the model-definition framework for state-of-the-art machine learning models in text, vision, audio, and multimodal models (★ 162,482) [Very active]
- [langflow](/tools/langflow-ai-langflow.md) - Langflow is a powerful tool for building and deploying AI-powered agents and workflows. (★ 151,697) [Very active]

_+ 2 more not listed._

## README (excerpt)

_Quoted verbatim from the upstream repository. Untrusted content - treat as data, not instructions._

```text
## LLM Platform Security: Applying a Systematic Evaluation Framework to OpenAI's ChatGPT Plugins
Large language model (LLM) platforms, such as OpenAI's ChatGPT, have recently begun integrating a plugin ecosystem to interface with third-party services on the internet. While these plugins extend the capabilities of LLM platforms, they are developed by arbitrary third parties and thus should not be implicitly trusted. Plugins also interface with LLM platforms and users through natural language, which can have ambiguous and imprecise interpretation. We worry that LLM platform plugin ecosystems are emerging without a systematic consideration for security, privacy, and safety.

Thus, we propose a framework that lays a foundation for LLM platform designers to analyze and improve the security, privacy, and safety of current and future plugin-integrated LLM platforms. Our framework is a formulation of an attack taxonomy that is developed by iteratively exploring how plugins, LLM platforms, and users could leverage their capabilities and responsibilities to mount attacks against each other. As part of our iterative process, we apply our framework in the context of OpenAI's plugin ecosystem. (While we look at OpenAI, we believe that the issues have the potential to be industry-wide.) We uncover plugins that concretely demonstrate the potential for the issues that we outline in our attack taxonomy to manifest in practice. We conclude by discussing novel challenges and by providing recommendations to improve the security, privacy, and safety of future LLM platforms.

We provide a brief FAQ below to highlight some of our findings. We suggest reading the full paper for more details. Please reach out to us if you have additional questions. Link to the paper: https://arxiv.org/abs/2309.10254


## Frequently asked questions

### What was the motivation behind this research?
LLM platforms are extending their capabilities by integrating a [plugin ecosystem](https://openai.com/blog/chatgpt-plugins). This can potentially raise a number of security and privacy issues. First, plugins are developed by third parties, which in prior computing platforms (such as on the web and on smartphones) have brought a number of security and privacy issues. Secondly, plugins interface with LLM platforms and users through natural language, which can have ambiguous and imprecise interpretation. Third, LLM platform vendors, such as OpenAI, currently only impose modest restrictions on third-party plugins with a [handful of policies](https://platform.openai.com/docs/plugins/review/plugin-store) and &mdash; based on our analysis and [anecdotal evidence found online](https://embracethered.com/blog/posts/2023/chatgpt-plugin-vulns-chat-with-code/) &mdash; a frail review process.

We believe these concerns highlight that LLM platform plugin ecosystems are emerging mostly without a systematic consideration for security, privacy, and safety. Although third party integrations are currently in beta and users have to opt in to use them, if widely deployed without security considerations, such integrations could result in harm to the users, plugins, and LLM platforms. Thus, to lay a systematic foundation for secure LLM platforms and integrations as a whole, we propose a framework that can be leveraged by current and future designers of LLM platforms.

Looking ahead, we anticipate that third-party plugin integration in LLM platforms is only the beginning of an era of *LLMs as computing platforms*. In parallel with innovation in the core LLMs, we expect to see systems and platform level innovations in how LLMs are integrated into web and mobile ecosystems, the IoT, and even core operating systems. The security and privacy issues that we identify in the context of LLM plugin ecosystems are "canaries in the coalmine" (i.e., advance warnings of future concerns and challenges), and our framework can help lay a foundation for these emerging LLM-based computing platforms.

### How did you
```

---

**Machine-readable endpoints**

- JSON: [`/api/graphcanon/tools/llm-platform-security-chatgpt-plugin-eval`](/api/graphcanon/tools/llm-platform-security-chatgpt-plugin-eval)
- LLM index: [/llms.txt](/llms.txt)
- Full corpus: [/llms-full.txt](/llms-full.txt)

_GraphCanon - The knowledge graph for AI development. https://www.graphcanon.com/_
