Critical-risk tools in Gitlab
18 of the 190 tools in Gitlab are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
gitlab_delete_branchDestructiveDelete a repository branch permanently. Requires branch. Recommended pre-check: gitlab_get_branch.
-
gitlab_delete_draft_noteDestructiveDelete a merge-request draft note permanently. Irreversible. Requires merge_request_iid and draft_note_id. Recommended pre-check: gitlab_get_draft_note or gitlab_list_draft_notes.
-
gitlab_delete_group_wiki_pageDestructiveDelete a group wiki page permanently. Irreversible. Requires group_id and slug. Recommended pre-check: gitlab_get_group_wiki_page or gitlab_list_group_wiki_pages.
-
gitlab_delete_issueDestructiveDelete an issue permanently. Irreversible. Requires issue_iid. Recommended pre-check: gitlab_get_issue.
-
gitlab_delete_issue_emoji_reactionDestructiveDelete an emoji reaction from an issue permanently. Irreversible for that reaction. Requires issue_iid and award_id. Recommended pre-check: gitlab_list_issue_emoji_reactions.
-
gitlab_delete_issue_linkDestructiveDelete an issue link permanently. Irreversible for that relation. Requires issue_iid and issue_link_id. Recommended pre-check: gitlab_get_issue_link or gitlab_list_issue_links.
-
gitlab_delete_issue_note_emoji_reactionDestructiveDelete an emoji reaction from an issue note permanently. Irreversible for that reaction. Requires issue_iid, note_id, and award_id. Recommended pre-check: gitlab_list_issue_note...
-
gitlab_delete_labelDestructiveDelete a label permanently. Irreversible. Requires name or label_id. Recommended pre-check: gitlab_get_label or gitlab_list_labels.
-
gitlab_delete_merge_request_discussion_noteDestructiveDelete an MR discussion note permanently. Irreversible. Requires merge_request_iid, discussion_id, and note_id. Recommended pre-check: gitlab_list_merge_request_discussions.
-
gitlab_delete_merge_request_emoji_reactionDestructiveDelete an emoji reaction from a merge request permanently. Irreversible for that reaction. Requires merge_request_iid and award_id. Recommended pre-check: gitlab_list_merge_requ...
-
gitlab_delete_merge_request_noteDestructiveDelete a top-level MR note permanently. Irreversible. Requires merge_request_iid and note_id. Recommended pre-check: gitlab_get_merge_request_note or gitlab_list_merge_request_n...
-
gitlab_delete_merge_request_note_emoji_reactionDestructiveDelete an emoji reaction from a merge request note permanently. Irreversible for that reaction. Requires merge_request_iid, note_id, and award_id. Recommended pre-check: gitlab_...
-
gitlab_delete_milestoneDestructiveDelete a milestone permanently. Irreversible. Requires milestone_id. Recommended pre-check: gitlab_get_milestone or gitlab_list_milestones.
-
gitlab_delete_releaseDestructiveDelete the release record for tag_name permanently. Irreversible for the release entry. Requires tag_name. Recommended pre-check: gitlab_get_release or gitlab_list_releases.
-
gitlab_delete_tagDestructiveDelete a repository tag permanently. Irreversible for tag_name. Requires tag_name. Recommended pre-check: gitlab_get_tag or gitlab_list_tags.
-
gitlab_delete_wiki_pageDestructiveDelete a wiki page permanently. Irreversible. Requires slug. Recommended pre-check: gitlab_get_wiki_page or gitlab_list_wiki_pages.
-
gitlab_delete_work_item_emoji_reactionDestructiveRemove the current user
-
gitlab_delete_work_item_note_emoji_reactionDestructiveRemove the current user
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.