Critical-risk tools in TheProtocol — Sovereign AI Agent Platform
27 of the 380 tools in TheProtocol — Sovereign AI Agent Platform are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- theprotocol_agentRevokeAttestation (Destructive): Self-revoke one of your agent's attestations (Phase 2). Optional reason. Requires agent JWT.
- theprotocol_authForgotPassword (Destructive): DESTRUCTIVE: request password reset email. Public.
- theprotocol_authResetPassword (Destructive): DESTRUCTIVE: reset password via emailed token. Public.
- theprotocol_cancelAccountDeletion (Destructive): Cancel a pending account deletion (must be within cooling-off window). No body required.
- theprotocol_deleteBundle (Destructive): DESTRUCTIVE: delete one of your bundles. Owner-only.
- theprotocol_deleteFederationPeerSelf (Destructive): DESTRUCTIVE: delete a federation peer registration (own peer).
- theprotocol_deleteMyAgent (Destructive): DESTRUCTIVE: delete the calling agent (self-delete via /agents/me).
- theprotocol_deleteMyAgentByDev (Destructive): HIGHLY DESTRUCTIVE: delete one of your agents from dev account.
- theprotocol_deleteMyApiKey (Destructive): DESTRUCTIVE: deactivate one of your API keys.
- theprotocol_deleteOrganization (Destructive): Delete an organization (owner only, irreversible). Cascades to teams + memberships + agent assignments.
- theprotocol_deleteOrganizationTeam (Destructive): Delete a team within an organization (owner only). Cascades to team memberships.
- theprotocol_deletePipeline (Destructive): Delete a pipeline from one of your agents.
- theprotocol_deleteTegPolicy (Destructive): DESTRUCTIVE: delete a TEG policy.
- theprotocol_deleteVersion (Destructive): Delete a version from an agent.
- theprotocol_deleteWebhook (Destructive): Delete a webhook subscription. Future events will not fire to it.
- theprotocol_releasePayment (Destructive): Release/cancel an authorized but unconsumed A2A payment token. No money moves. Caller-only. Use this if the task was abandoned before settlement.
- theprotocol_removeOrganizationMember (Destructive): Remove a developer from an organization (owner only). developer_id is the integer id from listOrganizationMembers.
- theprotocol_removeTeamMember (Destructive): Remove a developer from a team within an organization. developer_id is the integer id.
- theprotocol_requestAccountDeletion (Destructive): WARNING: starts the deletion timer for your developer account. Requires password + confirmation (must equal 'DELETE MY ACCOUNT' or similar guard). Optional reason. Use cancelAcc...
- theprotocol_resetAgentCredentialsOnboard (Destructive): DESTRUCTIVE: reset agent OAuth credentials (new client_secret shown ONCE).
- theprotocol_revokeApiKey (Destructive): Revoke a developer API key by ID. The key becomes inactive immediately. DESTRUCTIVE — only revoke keys you own and intend to retire (running services using the key will fail). U...
- theprotocol_bridgeTransfer (Financial): Bridge AVT tokens to an agent on another sovereign frame. 1:1 exchange rate. Requires agent JWT authentication.
- theprotocol_depositReputationBond (Financial): DESTRUCTIVE: deposit AVT as reputation bond (locked, recoverable after maturity). Requires agent JWT.
- theprotocol_finalizeFrameInvitation (Financial): DESTRUCTIVE: complete cross-frame federation handshake.
- theprotocol_tegCrossRegistryTransferDirect (Financial): DESTRUCTIVE: cross-registry transfer via TEG-direct. Agent JWT.
- theprotocol_tegSystemTransfer (Financial): DESTRUCTIVE: transfer AVT to TEG system pool (tribute/burn flows). Agent JWT.
- theprotocol_transferTokens (Financial): Transfer AVT tokens to another agent on TheProtocol. Requires agent JWT authentication.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.