Critical-risk tools in Valuein — SEC EDGAR Fundamentals & Smart-Money Data
8 of the 68 tools in Valuein — SEC EDGAR Fundamentals & Smart-Money Data are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_alertDestructiveSoft-delete an alert by its id (from create_alert/list_alerts): status flips to `deleted` and it is removed from the cron evaluator index so it stops firing. Alerts are immutabl...
-
delete_citation_overrideDestructiveRemove a user-authored citation correction by fact_id. Idempotent — deleting a missing override returns deleted=false without error. Once deleted, reports that previously render...
-
delete_claimDestructiveSoft-delete a claim by id. The row and its score history are preserved for audit (archived, not erased); the claim drops out of default list_claims results. Idempotent — deletin...
-
delete_reportDestructiveSoft-delete a report owned by the caller: status flips to `delisted`, visibility to `private` — not a hard delete, the row and R2 artifact are preserved (90-day audit window). I...
-
delete_thesisDestructiveSoft-delete a saved thesis: status flips to `archived` (the row stays for audit / re-scoring). Idempotent — archiving an already-archived thesis succeeds. Hard-delete is not sup...
-
delete_watchlistDestructiveSoft-delete a watchlist by its name (not id): status flips to `archived` (still readable via list_watchlists status=all/archived). The name is freed for reuse by a new save_watc...
-
dismiss_inbox_itemDestructiveSoft-delete a single inbox item by its id (from list_alert_inbox) — not an alert id; sets `dismissed_at`. The row stays queryable via `list_alert_inbox(include_dismissed=true)` ...
-
unlink_claim_from_thesisDestructiveRemove the link between a claim and a thesis. Idempotent — succeeds whether or not the link existed. The claim and thesis themselves are untouched. Tier: paid + free (sample rej...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.