Critical-risk tools in Google Super
29 of the 200 tools in Google Super are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
GOOGLESUPER_BATCH_DELETE_MESSAGESDestructiveTool to permanently delete multiple Gmail messages in bulk. Use when you need to efficiently remove large numbers of emails (e.g., retention enforcement, mailbox hygiene).
-
GOOGLESUPER_CALENDARS_DELETEDestructiveDeletes a secondary calendar. Use calendars.clear for clearing all events on primary calendars.
-
GOOGLESUPER_CLEAR_BASIC_FILTERDestructiveTool to clear the basic filter from a sheet. Use when you need to remove an existing basic filter from a specific sheet within a Google Spreadsheet.
-
GOOGLESUPER_CLEAR_CALENDARDestructiveClears a primary calendar. This operation deletes all events associated with the primary calendar of an account.
-
GOOGLESUPER_CLEAR_TASKSDestructivePermanently clears all completed tasks from a specified Google Tasks list; this action is destructive and idempotent.
-
GOOGLESUPER_CLEAR_VALUESDestructiveClears cell content (preserving formatting and notes) from a specified A1 notation range in a Google Spreadsheet; the range must correspond to an existing sheet and cells.
-
GOOGLESUPER_DELETE_COMMENTDestructiveDeletes a comment from a file. Use when you need to remove a specific comment from a Google Drive file.
-
GOOGLESUPER_DELETE_CONTENT_RANGEDestructiveTool to delete a range of content from a Google Document. Use when you need to remove a specific portion of text or other structural elements within a document.
-
GOOGLESUPER_DELETE_DIMENSIONDestructiveTool to delete specified rows or columns from a sheet in a Google Spreadsheet. Use when you need to remove a range of rows or columns.
-
GOOGLESUPER_DELETE_DRAFTDestructivePermanently deletes a specific Gmail draft using its ID; ensure the draft exists and the user has necessary permissions for the given `user_id`.
-
GOOGLESUPER_DELETE_DRIVEDestructiveTool to permanently delete a shared drive. Use when you need to remove a shared drive and its contents (if specified).
-
GOOGLESUPER_DELETE_EVENTDestructiveDeletes a specified event by `event_id` from a Google Calendar (`calendar_id`); this action is idempotent and raises a 404 error if the event is not found.
-
GOOGLESUPER_DELETE_FOOTERDestructiveTool to delete a footer from a Google Document. Use when you need to remove a footer from a specific section or the default footer.
-
GOOGLESUPER_DELETE_HEADERDestructiveDeletes the header from the specified section or the default header if no section is specified. Use this tool to remove a header from a Google Document.
-
GOOGLESUPER_DELETE_MESSAGEDestructivePermanently deletes a specific email message by its ID from a Gmail mailbox; for `user_id`, use 'me' for the authenticated user or an email address to which the authenticated us...
-
GOOGLESUPER_DELETE_NAMED_RANGEDestructiveTool to delete a named range from a Google Document. Use when you need to remove a previously defined named range by its ID or name.
-
GOOGLESUPER_DELETE_PARAGRAPH_BULLETSDestructiveTool to remove bullets from paragraphs within a specified range in a Google Document. Use when you need to clear bullet formatting from a section of a document.
-
GOOGLESUPER_DELETE_PERMISSIONDestructiveDeletes a permission from a file by permission ID. Use when you need to revoke access for a specific user or group from a file.
-
GOOGLESUPER_DELETE_REPLYDestructiveTool to delete a specific reply by reply ID. Use when you need to remove a reply from a comment on a file.
-
GOOGLESUPER_DELETE_SHEETDestructiveTool to delete a sheet (worksheet) from a spreadsheet. Use when you need to remove a specific sheet from a Google Sheet document.
-
GOOGLESUPER_DELETE_TABLEDestructiveTool to delete an entire table from a Google Document. Use when you have the document ID and the specific start and end index of the table element to be removed. The table's ran...
-
GOOGLESUPER_DELETE_TABLE_COLUMNDestructiveTool to delete a column from a table in a Google Document. Use this tool when you need to remove a specific column from an existing table within a document.
-
GOOGLESUPER_DELETE_TABLE_ROWDestructiveTool to delete a row from a table in a Google Document. Use when you need to remove a specific row from an existing table.
-
GOOGLESUPER_DELETE_TASKDestructiveDeletes a specified task from a given task list in Google Tasks.
-
GOOGLESUPER_DELETE_TASK_LISTDestructivePermanently deletes an existing Google Task list, identified by `tasklist_id`, along with all its tasks; this operation is irreversible.
-
GOOGLESUPER_EMPTY_TRASHDestructiveTool to permanently delete all of the user's trashed files. Use when you want to empty the trash in Google Drive. This action allows you to permanently remove all files that are...
-
GOOGLESUPER_GOOGLE_DRIVE_DELETE_FOLDER_OR_FILE_ACTIONDestructiveTool to delete a file or folder in Google Drive. Use when you need to permanently remove a specific file or folder using its ID. Note: This action is irreversible.
-
GOOGLESUPER_HIDE_DRIVEDestructiveTool to hide a shared drive from the default view. Use when you want to remove a shared drive from the user's main Google Drive interface without deleting it.
-
GOOGLESUPER_REMOVE_ATTENDEEDestructiveRemoves an attendee from a specified event in a Google Calendar; the calendar and event must exist.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.