High-risk tools in Context Mode
5 of the 11 tools in Context Mode are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- ctx_batch_execute (Execute): Run multiple commands in ONE call. Every command
- ctx_execute (Execute): Run code in a sandboxed subprocess.${RB} Languages: ${PB}. Think-in-Code — the core philosophy: the bytes your code processes never enter your conversation memory; only wh...
- ctx_execute_file (Execute): Read a file into a sandboxed FILE_CONTENT variable and run code over it. Only what you console.log() enters your conversation — the file bytes stay in the sandbox. Think-i...
- ctx_insight (Execute): Opens the context-mode Insight dashboard in the browser — a dashboard launcher for session analytics; for natural-language queries over indexed content, use ctx_search. Sho...
- ctx_upgrade (Execute): Upgrade context-mode to the latest version. Returns a shell command to execute. You MUST run the returned command using your shell tool (Bash, shell_execute, run_in_terminal, et...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.