High-risk tools in Search
15 of the 36 tools in Search are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_evaluateExecuteExecute JavaScript in the browser console
-
browser_navigateExecuteNavigate to a URL
-
browser_new_tabExecuteOpen a new tab
-
run_commandExecuteRun a command on this
-
run_scriptExecuteRun a script on this
-
browser_go_backExecuteGo back to the previous page
-
browser_go_forwardExecuteGo forward to the next page
-
browser_hoverExecuteHover an element on the page, Either
-
browser_clickExecuteClick an element on the page, before using the tool, use
-
browser_form_input_fillExecuteFill out an input field, before using the tool, Either
-
browser_press_keyExecutePress a key on the keyboard
-
browser_scrollExecuteScroll the page
-
browser_selectExecuteSelect an element on the page with index, Either
-
browser_switch_tabExecuteSwitch to a specific tab
-
browser_vision_screen_clickExecuteClick left mouse button on the page with vision and snapshot, before calling this tool, you should call
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.