High-risk tools in Geminicli
3 of the 3 tools in Geminicli are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
gemini_promptExecuteInvoke the headless Gemini CLI with a single prompt. Stateless — each call is an independent turn. Runs in the MCP server
-
gemini_prompt_structuredExecuteInvoke the headless Gemini CLI and parse its response as JSON validated against a caller-provided JSON Schema. Stateless. Fails loudly with an isError result if the response is ...
-
gemini_prompt_with_contextExecuteInvoke the headless Gemini CLI with a prompt plus a separate context block. Stateless — each call is an independent turn. The context is prepended to the prompt inside a <contex...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.