Critical-risk tools in Google Drive
10 of the 44 tools in Google Drive are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- gd_delete_comment (Destructive): Delete a comment from a file. Only the comment author or file owner can delete comments.
- gd_delete_drive (Destructive): Permanently delete a shared drive. The drive must be empty (no files) before it can be deleted. This action is irreversible.
- gd_delete_file (Destructive): Permanently delete a file or folder. This action is irreversible — the file will NOT go to trash. Use gd_update_file with trashed=true to move to trash instead.
- gd_empty_trash (Destructive): Permanently delete ALL files in the trash. This action is irreversible. All trashed files for the authenticated user will be permanently removed.
- gd_unshare_file (Destructive): Remove a permission from a file or folder, revoking access for a user, group, or domain. Use gd_list_permissions to find the permission_id first.
- GOOGLEDRIVE_DELETE_COMMENT (Destructive): Deletes a comment from a file. Use when you need to remove a specific comment from a Google Drive file.
- GOOGLEDRIVE_DELETE_DRIVE (Destructive): Tool to permanently delete a shared drive. Use when you need to remove a shared drive and its contents (if specified).
- GOOGLEDRIVE_DELETE_PERMISSION (Destructive): Deletes a permission from a file by permission id. Use when you need to revoke access for a specific user or group from a file.
- GOOGLEDRIVE_DELETE_REPLY (Destructive): Tool to delete a specific reply by reply id. Use when you need to remove a reply from a comment on a file.
- GOOGLEDRIVE_EMPTY_TRASH (Destructive): Tool to permanently delete all of the user's trashed files. Use when you want to empty the trash in Google Drive.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.