High-risk tools in Context Engine MCP Server
10 of the 50 tools in Context Engine MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- execute_plan (Execute): Execute steps from an implementation plan, generating code changes. This tool orchestrates the execution of plan steps, using AI to generate the actual code changes needed for ...
- index_workspace (Execute): Index the current workspace for semantic search. This tool scans all source files in the workspace and builds a semantic index that enables fast, meaning-based code search. ...
- reactive_review_pr (Execute): Start a reactive PR code review session. This tool initiates an AI-powered code review with advanced features: - **Commit-aware caching**: Caches context by commit hash for eff...
- run_static_analysis (Execute): Run local static analyzers (tsc and optional semgrep) and return structured findings.
- check_invariants (Execute): Run YAML invariants deterministically against a unified diff (no LLM).
- pause_review (Execute): Pause a running reactive review session. The review can be resumed later with resume_review. Useful for: - Freeing up resources temporarily - Allowing manual intervention - Sto...
- respond_approval (Execute): Respond to a pending approval request (approve, reject, or request modifications).
- scrub_secrets (Execute): Scrub secrets from content before sending to LLM. Detects and masks 15+ types of secrets: - AWS keys, OpenAI/Anthropic API keys - GitHub tokens, Stripe keys, Firebase/Supabase ...
- validate_content (Execute): Run multi-tier validation on content. **Tier 1 (Deterministic):** - Balanced brackets/braces - Valid JSON structure - Non-empty content **Tier 2 (Heuristic):** - TODO/FIXME de...
- resume_review (Execute): Resume a paused reactive review session. Continues execution from where it was paused.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.