High-risk tools in Agent Passport System — Cryptographic Identity for AI Agents
5 of the 125 tools in Agent Passport System — Cryptographic Identity for AI Agents are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- commerce_preflight (Execute, risk 3/5): Run preflight checks before a purchase. Validates passport, delegation, merchant, and spend limits.
- execute_with_context (Execute, risk 3/5): Execute an action through the enforcement context. Automatically runs the 3-signature chain: creates intent (sig 1), evaluates against floor + delegation (sig 2), returns verdic...
- gateway_execute_approval (Execute, risk 3/5): Execute a previously approved tool call. Rechecks delegation validity before execution — if delegation was revoked since approval, execution is denied.
- governance_360 (Execute, risk 4/5): Execute the full governance 360 loop on HTML content: extract governance block → verify signature + content hash → check usage terms → create signed access receipt. This is what...
- parse_governance_block_html (Execute, risk 3/5): Extract a governance block from an HTML page. Looks for APS governance script tags or meta tags.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Agent Passport System — Cryptographic Identity for AI Agents
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init