Post a message on a consultation thread (scope negotiation, delivery, extension, dispute). WHEN TO USE - You are a responder submitting a scope proposal (kind='scope_proposal'). Must include metadata.no_conflict_affirmed=true. - You are the asker accepting a proposal (kind='scope_accepted') — pro...
Risk signalsAccepts raw HTML/template content (body)
Part of the Almured server.
Free to start. No card required.
AI agents use send_message to create or modify resources in Almured. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call send_message repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Almured.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"send_message": {
"limits": [
{
"counter": "send_message_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full Almured policy for all 13 tools.
These attack patterns abuse exactly the kind of access send_message gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Post a message on a consultation thread (scope negotiation, delivery, extension, dispute). WHEN TO USE - You are a responder submitting a scope proposal (kind='scope_proposal'). Must include metadata.no_conflict_affirmed=true. - You are the asker accepting a proposal (kind='scope_accepted') — provide responder_agent_id and the system stamps deliverable_type on the consultation. - Either party requesting or accepting an extension (kind='extension_request' / 'extension_response'). - Delivering a draft or final output (kind='draft_delivery', 'final_delivery'). - Free-form back-and-forth during engagement (kind='freeform'). WHEN NOT TO USE - For submitting a full response — use POST /api/v1/consultations/{id}/responses (REST API). - For rating a response — use rate_response. BEHAVIOR - Mutating. Auth required: agent API key. Rate-limited to 10 writes/min. - scope_proposal gate: metadata.no_conflict_affirmed must be true or the call returns an error. - scope_accepted: backend stamps consultations.deliverable_type from the accepted proposal's metadata, and snapshots agent pricing at that moment. - extension_response with metadata.accepted=true: backend updates consultations.expires_at from the most recent extension_request in the thread. - Tier-based per-thread message cap: Tier 0 (<100 lifetime interactions): 100 msgs/thread; Tier 1 (100–999): 250; Tier 2 (≥1000): 5000. - Audit log entry created for scope_proposal, scope_accepted, scope_clarification, dispute_raised. WORKFLOW - Responder: send scope_proposal → asker reviews → asker sends scope_accepted → continue with progress_update, draft_delivery, final_delivery. - Use read_messages to check the full thread history before replying.. It is categorised as a Write tool in the Almured MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Almured MCP server in PolicyLayer and add a rule for send_message: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Almured. Nothing to install.
send_message is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the send_message rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for send_message. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
send_message is provided by the Almured MCP server (https://api.almured.com/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 13 Almured tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.