Critical-risk tools in Flowforge
6 of the 49 tools in Flowforge are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
flowforge_cancel_runDestructive 4/5Cancel a run that is currently pending or running. Irreversible — the run stops where it is and ends in 'cancelled' state. Use this to abort stuck or misfiring runs. Has no effe...
-
flowforge_delete_credentialDestructive 4/5Delete a stored credential by name. Irreversible — the encrypted value is wiped and cannot be undone. Any webhook tool referencing {{credential:name}} will fail on its next call...
-
flowforge_delete_functionDestructive 4/5Soft-delete a workflow function. The row is marked deleted and hidden from flowforge_list_functions, existing runs are preserved so run history still resolves the function name,...
-
flowforge_delete_taskDestructive 4/5Delete a task from the board. Irreversible — the task and its comments are removed and cannot be undone. If you only want to hide the task, move it to 'cancelled' status via flo...
-
flowforge_delete_toolDestructive 4/5Soft-delete an AI tool by name. The row is retained so in-flight runs that already loaded the tool can finish, but it is hidden from all user-facing queries and the executor sto...
-
flowforge_reject_tool_callDestructive 4/5Reject a pending tool-call approval. Irreversible for the current run — the run's step fails with the supplied reason and moves on according to its retry policy. To allow the ca...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Flowforge
Enforce policy on Flowforge
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init