Critical-risk tools in Dialogbrain
18 of the 157 tools in Dialogbrain are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
agents_deleteDestructivePermanently delete an AI agent. WARNING: This cannot be undone. The agent and all its triggers will be removed.
-
agents_remove_fileDestructiveRemove a file from this agent's private knowledge. The file itself is not deleted — it's just detached from this agent. Use agents.list_files to find the file_id to remove.
-
agents_trigger_deleteDestructiveDelete a trigger from an AI agent. WARNING: This cannot be undone.
-
ai_filters_deleteDestructivePermanently delete an AI filter. When to use: - User wants to remove a filter they no longer need This action cannot be undone. Any triggers that reference this filter by ID w...
-
ai_tags_deleteDestructiveDelete a personal AI tag. All thread associations are removed automatically. When to use: - User wants to permanently remove a tag they no longer need This cannot be undone. T...
-
ai_tags_remove_from_threadDestructiveRemove a specific AI tag from a thread. When to use: - User wants to un-label or remove a specific tag from a conversation - User wants to correct an incorrectly applied tag P...
-
calendar_delete_eventDestructiveDelete an event from Google Calendar. This action cannot be undone. Use with caution.
-
collections_deleteDestructiveDelete a knowledge collection. If the collection is assigned to agents, prompts, or channels, pass force=true to delete anyway. CASCADE removes all assignments automatically.
-
collections_remove_fileDestructiveRemove a file from a knowledge collection. The file itself is not deleted — only the collection membership is removed.
-
collections_unassign_agentDestructiveRemove a knowledge collection from an AI agent. The collection and its files are not deleted — only the agent assignment is removed.
-
folders_deleteDestructive🗑️ Delete an inbox folder. Threads inside become unfiled (not deleted). When to use: - User wants to remove a folder they no longer need - User wants to clean up their inbox o...
-
messages_deleteDestructiveDelete a message from a thread. Supports Telegram, WhatsApp, and other connected channels. Note: Some channels have time limits on message deletion.
-
notes_deleteDestructiveDelete a note by ID from the target notebook. Same identity rules as notes.save — agents can only delete from their own notebook.
-
reminder_cancelDestructiveCancel an active reminder by its trigger ID.
-
tasks_deleteDestructiveDelete a task from your to-do list by its ID.
-
widgets_deleteDestructiveDelete a livechat widget permanently. This will remove the widget and its embed code will stop working. Existing chat history will be preserved. Use this when user wants to re...
-
youtube_delete_commentDestructivePermanently delete a YouTube comment by id (or 'youtube:comment:<id>'). Cannot be undone. Costs 50 quota units.
-
youtube_delete_videoDestructivePermanently delete a YouTube video by id (or 'youtube:video:<id>'). Cannot be undone. Costs 50 quota units. Caller must own the channel.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.