High-risk tools in Tru
2 of the 35 tools in Tru are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
dev_enable_acpExecuteGenerate an ACP (Agent Commerce Protocol) bearer token for an app so external AI agents can create checkout sessions and pay via Shared Payment Tokens. Requires the app to have ...
-
loginExecuteAuthenticate with tru via the browser. Opens a browser window where the user selects their account and verifies their identity, then waits until authentication is complete. Cred...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.