Critical-risk tools in Google Docs
8 of the 33 tools in Google Docs are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
GOOGLEDOCS_DELETE_CONTENT_RANGEDestructive 4/5Tool to delete a range of content from a Google Document. Use when you need to remove a specific portion of text or other structural elements within a document.
-
GOOGLEDOCS_DELETE_FOOTERDestructive 4/5Tool to delete a footer from a Google Document. Use when you need to remove a footer from a specific section or the default footer.
-
GOOGLEDOCS_DELETE_HEADERDestructive 4/5Deletes the header from the specified section or the default header if no section is specified. Use this tool to remove a header from a Google Document.
-
GOOGLEDOCS_DELETE_NAMED_RANGEDestructive 4/5Tool to delete a named range from a Google Document. Use when you need to remove a previously defined named range by its ID or name.
-
GOOGLEDOCS_DELETE_PARAGRAPH_BULLETSDestructive 4/5Tool to remove bullets from paragraphs within a specified range in a Google Document. Use when you need to clear bullet formatting from a section of a document.
-
GOOGLEDOCS_DELETE_TABLEDestructive 5/5Tool to delete an entire table from a Google Document. Use when you have the document ID and the specific start and end index of the table element to be removed. The table's ran...
-
GOOGLEDOCS_DELETE_TABLE_COLUMNDestructive 4/5Tool to delete a column from a table in a Google Document. Use this tool when you need to remove a specific column from an existing table within a document.
-
GOOGLEDOCS_DELETE_TABLE_ROWDestructive 4/5Tool to delete a row from a table in a Google Document. Use when you need to remove a specific row from an existing table.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Google Docs
Enforce policy on Google Docs
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init