Critical-risk tools in Apps Script MCP

Critical severity Apps Script MCP MCP Server 7 of 60 tools

7 of the 60 tools in Apps Script MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

delete_deployment_tool Destructive

Delete a deployment.
delete_drive_file_tool Destructive

Permanently delete a file from Google Drive.
delete_event_tool Destructive

Delete a calendar event.
delete_script_project_tool Destructive

Delete an Apps Script project.
delete_task_tool Destructive

Delete a task from Google Tasks.
remove_drive_permission_tool Destructive

Remove a permission from a file or folder.
trash_drive_file_tool Destructive

Move a file to trash in Google Drive (recoverable).

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Apps Script MCP

Tools at critical risk

Attacks that target this class

More on Apps Script MCP

Enforce policy on every Apps Script MCP tool call.