Critical-risk tools in Google Drive MCP Server

Critical severity Google Drive MCP Server MCP Server 8 of 107 tools

8 of the 107 tools in Google Drive MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

deleteCalendarEvent Destructive

Delete a calendar event
deleteComment Destructive

Delete a comment from the document
deleteGoogleSlide Destructive

Delete a slide from a presentation
deleteItem Destructive

Move a file or folder to trash (can be restored from Google Drive trash)
deleteRange Destructive

Delete content between start and end indices in a Google Doc. For multi-tab docs, specify tabId to target a specific tab.
deleteSheet Destructive

Delete a sheet/tab by sheetId
deleteSlideElement Destructive

Delete an element (image, text box, shape) from a Google Slides slide
removePermission Destructive

Remove a permission from a file (by permissionId or emailAddress)

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Google Drive MCP Server

Tools at critical risk

Attacks that target this class

More on Google Drive MCP Server

Enforce policy on every Google Drive MCP Server tool call.