Critical-risk tools in Automagik Tools
13 of the 122 tools in Automagik Tools are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- delete_agent_conversation (Destructive): Delete a conversation session with an agent. This cannot be undone.
- delete_credential (Destructive): Delete a stored credential.
- delete_message (Destructive): Delete message for everyone. Only works for messages from you (from_me=True), within ~48 hour window. Args: message_id, phone, instance_name, from_me. Returns: confirmation.
- delete_schedule (Destructive): Delete a schedule.
- delete_source (Destructive): Delete a workflow source.
- delete_task (Destructive): Delete a task execution.
- delete_team_collaboration (Destructive): Delete a team collaboration session. This cannot be undone.
- delete_workflow (Destructive): Delete a synchronized workflow.
- delete_workflow_execution (Destructive): Delete a workflow execution session. This cannot be undone.
- genie_clear_memories (Destructive): genie_clear_memories
- remove_contact (Destructive): Remove contact from local database. Args: phone_number. Returns: confirmation.
- remove_tool (Destructive): Remove a tool from your personal collection.
- end_session (Destructive): End a specific Gemini consultation session to free up memory.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.