High-risk tools in AiPayGen

High severity AiPayGen MCP Server 7 of 106 tools

7 of the 106 tools in AiPayGen are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

batch Execute 4/5

Run up to 5 independent operations in one call. Each operation: {"endpoint": "research", "input": {"topic": "AI"}} Valid endpoints: research, summarize, analyze, t...
execute_skill Execute 3/5

Execute a specific skill by name. Use search_skills or list_skills to discover available skills.
invoke_catalog_api Execute 3/5

Actually call a catalog API and return its response. Get api_id from browse_catalog first. endpoint is the path to hit. params is a JSON string of query parameters ...
parse_csv Execute 3/5

Analyze CSV data and optionally answer questions about it. Returns columns, row count, and insights.
run_agent Execute 3/5

Run a custom agent by ID with optional input text.
run_python_code Execute 4/5

Execute Python code in a sandboxed subprocess. Returns stdout, stderr, returncode. Imports, file I/O, network access, and OS commands are blocked.
transform Execute 3/5

Transform text with any instruction: rewrite, reformat, expand, condense, change tone.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in AiPayGen

Tools at high risk

Attacks that target this class

More on AiPayGen

Enforce policy on AiPayGen