Critical-risk tools in Pinako AI Bridge
5 of the 44 tools in Pinako AI Bridge are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_libraryDestructivePermanently deletes a single library and ALL its content (tabs, notes, tags, memos, child windows/groups/folders). Removes the library from any group it belongs to AND from the ...
-
delete_library_groupDestructiveRemoves a library group. TWO MODES via cascadeMembers: (1) DEFAULT (cascadeMembers omitted/false) — DISSOLVE: member libraries are KEPT and re-appear in the standalone library c...
-
delete_live_nodeDestructiveDESTRUCTIVE — closes the live browser tab(s) AND removes the tree node entirely (compound of ghost_node + delete_node, but bypasses delete_node\
-
delete_nodeDestructiveDESTRUCTIVE — permanently removes a GHOST node (chromeId=null) and its metadata (tags, memos, star color, custom title). For scope=
-
delete_noteDestructivePermanently deletes a note from a library or the main tree. Cloud-side delete is automatic on next persist (the per-scope notes sync diffs current ids against existing Supabase ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.