High-risk tools in Jules MCP Server
5 of the 26 tools in Jules MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
jules_approve_planExecuteApproves the current plan for a session.
-
jules_create_and_waitExecuteCreates a Jules session AND waits for it to complete in a single operation.
-
jules_quick_taskExecuteSimplest way to assign a task to Jules with sensible defaults.
-
jules_wait_for_completionExecuteWaits for a Jules session to complete (success, failure, or cancellation).
-
send_reply_to_sessionExecuteInteracts with an active Jules session (approving plans or sending messages).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.