Critical-risk tools in Google Workspace Drive (gws CLI)

Critical severity Google Workspace Drive (gws CLI) MCP Server 8 of 57 tools

8 of the 57 tools in Google Workspace Drive (gws CLI) are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

drive_comments_delete Destructive

Permanently delete a comment
drive_drives_delete Destructive

Permanently delete a shared drive
drive_files_delete Destructive

Permanently delete a file
drive_files_emptyTrash Destructive

Permanently delete all trashed files
drive_permissions_delete Destructive

Revoke access by removing a permission
drive_replies_delete Destructive

Permanently delete a reply
drive_revisions_delete Destructive

Permanently delete a file revision
drive_teamdrives_delete Destructive

Permanently delete a legacy Team Drive

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Google Workspace Drive (gws CLI)

Tools at critical risk

Attacks that target this class

More on Google Workspace Drive (gws CLI)

Let agents act without letting them run wild.