Critical-risk tools in Travel Agent MCP Server
9 of the 64 tools in Travel Agent MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
CANCEL_FLIGHT_BOOKINGDestructiveCancel a flight booking using the cancellation UUID sent to the traveler
-
CANCEL_HOTEL_BOOKINGDestructiveCancel a hotel booking using the cancellation UUID sent to the guest
-
CLOSE_ACCOUNTDestructivePermanently close the logged-in user
-
FORGOT_PASSWORDDestructiveSend a password-reset OTP to the user
-
BOOK_FLIGHTFinancialBook a flight for real money. Requires a freshly CONFIRM_FLIGHT_PRICE
-
BOOK_HOTELFinancialBook a hotel for real money — the TVA hotel API takes raw card details directly in this call (no
-
CONFIRM_FLIGHT_PAYMENTFinancialConfirm a flight booking payment using a Paystack transaction reference obtained from the checkout
-
CONFIRM_HOTEL_PAYMENTFinancialConfirm a hotel booking payment using a Paystack transaction reference from the checkout flow.
-
SELECT_FLIGHT_SEATFinancialSelect a seat on a booking. If the seat has a price, this charges the stored payment method — check
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.