Critical-risk tools in Gmail MCP

Critical severity Gmail MCP MCP Server 11 of 65 tools

11 of the 65 tools in Gmail MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

batch_delete_messages Destructive

Delete multiple messages
delete_draft Destructive

Delete a draft
delete_filter Destructive

Deletes a filter
delete_forwarding_address Destructive

Deletes the specified forwarding address
delete_label Destructive

Delete a label
delete_message Destructive

Immediately and permanently delete a message
delete_send_as Destructive

Deletes the specified send-as alias
delete_smime_info Destructive

Deletes the specified S/MIME config for the specified send-as alias
delete_thread Destructive

Delete a thread
remove_delegate Destructive

Removes the specified delegate
trash_message Destructive

Move a message to the trash

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Gmail MCP

Tools at critical risk

Attacks that target this class

More on Gmail MCP

Enforce policy on every Gmail MCP tool call.