High-risk tools in Courier
5 of the 123 tools in Courier are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
invoke_ad_hoc_automationExecuteInvoke an ad-hoc automation with inline steps. Valid step actions: send, send-list, delay, cancel, update-profile, invoke, fetch-data. To cancel a previously started automation,...
-
invoke_automation_templateExecuteInvoke an automation run from an existing automation template. Call list_automations first to get the template_id. Example: { template_id: "auto-onboarding", recipient: "user-12...
-
invoke_journeyExecuteInvoke a journey run from a journey template. Call list_journeys first to find the template_id. Example: { template_id: "j-onboarding", user_id: "user-123", data: { plan: "pro" ...
-
run_bulk_jobExecuteRun a bulk job, triggering delivery to all added users.
-
track_inbound_eventExecuteTrack an inbound event that can trigger automations. Requires event name, messageId (for deduplication), and properties.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.