Critical-risk tools in Infisical MCP
13 of the 59 tools in Infisical MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_environmentDestructiveDelete an environment by ID.
-
delete_folderDestructiveDelete an Infisical folder by ID or name.
-
delete_identityDestructiveDelete an organization machine identity.
-
delete_identity_project_additional_privilegeDestructiveDelete an identity's project-specific additional privilege.
-
delete_projectDestructiveDelete an Infisical project.
-
delete_project_identityDestructiveDelete a project-managed machine identity.
-
delete_project_identity_membershipDestructiveDelete a machine identity's project membership.
-
delete_project_roleDestructiveDelete a custom project role.
-
delete_secretDestructiveDelete a static secret.
-
delete_secret_importDestructiveDelete a configured secret import.
-
remove_organization_user_membershipDestructiveRemove one organization user membership by membership ID.
-
remove_organization_user_membershipsDestructiveBulk remove organization user memberships by membership ID.
-
remove_project_usersDestructiveRemove users from a project by email or username.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.