invoice_issued_create

AI agents use invoice_issued_create to initiate financial transactions through AbraFlexi. Financial operations involve real money and are irreversible once processed. Intercept blocks financial tools by default, requiring explicit human approval with transaction-level limits to prevent unauthorised spending.

invoice_issued_create moves real money. Without a policy, an autonomous agent could initiate transactions that drain accounts or exceed budgets. Intercept blocks financial tools by default, requiring human-in-the-loop approval with configurable spending limits per transaction and per time window.

Financial tools involve real money. Block by default and require explicit human approval before enabling.

tools:
  invoice_issued_create:
    rules:
      - action: deny
        reason: "Requires human approval"

See the full AbraFlexi policy for all 21 tools.

View all 21 tools →

Agents calling financial-class tools like invoice_issued_create have been implicated in these attack patterns. Read the full case and prevention policy for each:

• Destructive Action Autonomy
• Runaway Tool Loops
• Privilege escalation via admin-only tools
• Data exfiltration via tool chaining

Browse the full MCP Attack Database →

Other tools in the Financial risk category across the catalogue. The same policy patterns (deny, require_approval) apply to each.

invoice_issued_create is one of the critical-risk operations in AbraFlexi. For the full severity-focused view — only the critical-risk tools with their recommended policies — see the breakdown for this server, or browse all critical-risk tools across every MCP server.

• Critical-risk tools in AbraFlexi →
• All critical-risk MCP tools →

• How to Add Spending Controls to Any MCP Agent
• Rate Limiting MCP Tool Calls: A Practical Guide
• MCP Security: Why Prompt Guardrails Aren't Enough
• The Case for Deterministic AI Agent Policies
• Why AI Agents Need a Control Plane