High-risk tools in Prompt To Asset
6 of the 24 tools in Prompt To Asset are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
asset_brand_bundle_parseExecuteParse a brand source (brand.json, DTCG tokens, AdCP spec, brand.md, or raw text) into the canonical BrandBundle schema.
-
asset_capabilitiesExecuteReport which of the three execution modes this server can run RIGHT NOW given the current env: inline_svg (zero key — hosting LLM authors the SVG), external_prompt_only (zero ke...
-
asset_doctorExecuteStructured environment inventory — MCP equivalent of `p2a doctor`. Returns native-dependency status (sharp, vtracer, potrace, png-to-ico, satori, resvg-js, tesseract.js, svgo), ...
-
asset_ingest_externalExecuteIngest an image the user generated in an external tool (Midjourney, Nano Banana, Ideogram web, Recraft, Flux Playground, etc.) and run the matte → vectorize (where applicable) →...
-
asset_init_brandExecuteScaffold brand.json in the project root + ensure the assets dir exists. MCP equivalent of the `brand.json` portion of `p2a init`. Auto-detects the framework (Next.js, Expo, Flut...
-
asset_vectorizeExecuteConvert a raster image to SVG. Tries in order: Recraft /vectorize (if PROMPT_TO_BUNDLE_RECRAFT_VECTORIZE_URL is set), vtracer on PATH, potrace on PATH, then a built-in posterize...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.