Runs a Google Analytics Data API report. Note that the reference docs at https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta all use camelCase field names, but field names passed to this method should be in snake_case since the tool is using...
High parameter count (11 properties); Single-target operation
Part of the Google Analytics MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents invoke run_report to trigger processes or run actions in Google Analytics. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
run_report can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. Intercept enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
tools:
run_report:
rules:
- action: allow
rate_limit:
max: 10
window: 60
validate:
required_args: trueSee the full Google Analytics policy for all 7 tools.
Agents calling execute-class tools like run_report have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Execute risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
run_report is one of the high-risk operations in Google Analytics. For the full severity-focused view — only the high-risk tools with their recommended policies — see the breakdown for this server, or browse all high-risk tools across every MCP server.
Runs a Google Analytics Data API report. Note that the reference docs at https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta all use camelCase field names, but field names passed to this method should be in snake_case since the tool is using the protocol buffers (protobuf) format. The protocol buffers for the Data API are available at https://github.com/googleapis/googleapis/tree/master/google/analytics/data/v1beta. Args: property_id: The Google Analytics property ID. Accepted formats are: - A number - A string consisting of 'properties/' followed by a number date_ranges: A list of date ranges (https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta/DateRange) to include in the report. dimensions: A list of dimensions to include in the report. metrics: A list of metrics to include in the report. dimension_filter: A Data API FilterExpression (https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta/FilterExpression) to apply to the dimensions. Don't use this for filtering metrics. Use metric_filter instead. The `field_name` in a `dimension_filter` must be a dimension, as defined in the `get_standard_dimensions` and `get_dimensions` tools. metric_filter: A Data API FilterExpression (https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta/FilterExpression) to apply to the metrics. Don't use this for filtering dimensions. Use dimension_filter instead. The `field_name` in a `metric_filter` must be a metric, as defined in the `get_standard_metrics` and `get_metrics` tools. order_bys: A list of Data API OrderBy (https://developers.google.com/analytics/devguides/reporting/data/v1/rest/v1beta/OrderBy) objects to apply to the dimensions and metrics. limit: The maximum number of rows to return in each response. Value must be a positive integer <= 250,000. Used to paginate through large reports, following the guide at https://developers.google.com/analytics/devguides/reporting/data/v1/basics#pagination. offset: The row count of the start row. The first row is counted as row 0. Used to paginate through large reports, following the guide at https://developers.google.com/analytics/devguides/reporting/data/v1/basics#pagination. currency_code: The currency code to use for currency values. Must be in ISO4217 format, such as "AED", "USD", "JPY". If the field is empty, the report uses the property's default currency. return_property_quota: Whether to return property quota in the response. ## Hints for arguments Here are some hints that outline the expected format and requirements for arguments. ### Hints for `dimensions` The `dimensions` list must consist solely of either of the following: 1. Standard dimensions defined in the HTML table at https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions. These dimensions are available to *every* property. 2. Custom dimensions for the `property_id`. Use the `get_custom_dimensions_and_metrics` tool to retrieve the list of custom dimensions for a property. ### Hints for `metrics` The `metrics` list must consist solely of either of the following: 1. Standard metrics defined in the HTML table at https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics. These metrics are available to *every* property. 2. Custom metrics for the `property_id`. Use the `get_custom_dimensions_and_metrics` tool to retrieve the list of custom metrics for a property. ### Hints for `date_ranges`: Example date_range arguments: 1. A single date range: [ {"start_date": "2025-01-01", "end_date": "2025-01-31", "name": "Jan2025"} ] 2. A relative date range using 'yesterday' and 'today': [ {"start_date": "yesterday", "end_date": "today", "name": "YesterdayAndToday"} ] 3. A relative date range using 'NdaysAgo' and 'today': [ {"start_date": "30daysAgo", "end_date": "yesterday", "name": "Previous30Days"}] 4. Multiple date ranges: [ {"start_date": "2025-01-01", "end_date": "2025-01-31", "name": "Jan2025"}, {"start_date": "2025-02-01", "end_date": "2025-02-28", "name": "Feb2025"} ] ### Hints for `dimension_filter`: Example dimension_filter arguments: 1. A simple filter: {"filter": {"field_name": "eventName", "string_filter": {"match_type": 2, "value": "add", "case_sensitive": false}}} 2. A NOT filter: {"not_expression": {"filter": {"field_name": "eventName", "string_filter": {"match_type": 2, "value": "add", "case_sensitive": false}}}} 3. An empty value filter: {"filter": {"field_name": "source", "empty_filter": {}}} 4. An AND group filter: {"and_group": {"expressions": [{"filter": {"field_name": "sourceMedium", "string_filter": {"match_type": 1, "value": "google / cpc", "case_sensitive": false}}}, {"filter": {"field_name": "eventName", "in_list_filter": {"values": ["first_visit", "purchase", "add_to_cart"], "case_sensitive": true}}}]}} 5. An OR group filter: {"or_group": {"expressions": [{"filter": {"field_name": "sourceMedium", "string_filter": {"match_type": 1, "value": "google / cpc", "case_sensitive": false}}}, {"filter": {"field_name": "eventName", "in_list_filter": {"values": ["first_visit", "purchase", "add_to_cart"], "case_sensitive": true}}}]}} Notes: The API applies the `dimension_filter` and `metric_filter` independently. As a result, some complex combinations of dimension and metric filters are not possible in a single report request. For example, you can't create a `dimension_filter` and `metric_filter` combination for the following condition: ( (eventName = "page_view" AND eventCount > 100) OR (eventName = "join_group" AND eventCount < 50) ) This isn't possible because there's no way to apply the condition "eventCount > 100" only to the data with eventName of "page_view", and the condition "eventCount < 50" only to the data with eventName of "join_group". More generally, you can't define a `dimension_filter` and `metric_filter` for: ( ((dimension condition D1) AND (metric condition M1)) OR ((dimension condition D2) AND (metric condition M2)) ) If you have complex conditions like this, either: a) Run a single report that applies a subset of the conditions that the API supports as well as the data needed to perform filtering of the API response on the client side. For example, for the condition: ( (eventName = "page_view" AND eventCount > 100) OR (eventName = "join_group" AND eventCount < 50) ) You could run a report that filters only on: eventName one of "page_view" or "join_group" and include the eventCount metric, then filter the API response on the client side to apply the different metric filters for the different events. or b) Run a separate report for each combination of dimension condition and metric condition. For the example above, you'd run one report for the combination of (D1 AND M1), and another report for the combination of (D2 AND M2). Try to run fewer reports (option a) if possible. However, if running fewer reports results in excessive quota usage for the API, use option b. More information on quota usage is at https://developers.google.com/analytics/blog/2023/data-api-quota-management. ### Hints for `metric_filter`: Example metric_filter arguments: 1. A simple filter: {"filter": {"field_name": "eventCount", "numeric_filter": {"operation": 4, "value": {"int64_value": "10"}}}} 2. A NOT filter: {"not_expression": {"filter": {"field_name": "eventCount", "numeric_filter": {"operation": 4, "value": {"int64_value": "10"}}}}} 3. An empty value filter: {"filter": {"field_name": "purchaseRevenue", "empty_filter": {}}} 4. An AND group filter: {"and_group": {"expressions": [{"filter": {"field_name": "eventCount", "numeric_filter": {"operation": 4, "value": {"int64_value": "10"}}}}, {"filter": {"field_name": "purchaseRevenue", "between_filter": {"from_value": {"double_value": 10.0}, "to_value": {"double_value": 25.0}}}}]}} 5. An OR group filter: {"or_group": {"expressions": [{"filter": {"field_name": "eventCount", "numeric_filter": {"operation": 4, "value": {"int64_value": "10"}}}}, {"filter": {"field_name": "purchaseRevenue", "between_filter": {"from_value": {"double_value": 10.0}, "to_value": {"double_value": 25.0}}}}]}} Notes: The API applies the `dimension_filter` and `metric_filter` independently. As a result, some complex combinations of dimension and metric filters are not possible in a single report request. For example, you can't create a `dimension_filter` and `metric_filter` combination for the following condition: ( (eventName = "page_view" AND eventCount > 100) OR (eventName = "join_group" AND eventCount < 50) ) This isn't possible because there's no way to apply the condition "eventCount > 100" only to the data with eventName of "page_view", and the condition "eventCount < 50" only to the data with eventName of "join_group". More generally, you can't define a `dimension_filter` and `metric_filter` for: ( ((dimension condition D1) AND (metric condition M1)) OR ((dimension condition D2) AND (metric condition M2)) ) If you have complex conditions like this, either: a) Run a single report that applies a subset of the conditions that the API supports as well as the data needed to perform filtering of the API response on the client side. For example, for the condition: ( (eventName = "page_view" AND eventCount > 100) OR (eventName = "join_group" AND eventCount < 50) ) You could run a report that filters only on: eventName one of "page_view" or "join_group" and include the eventCount metric, then filter the API response on the client side to apply the different metric filters for the different events. or b) Run a separate report for each combination of dimension condition and metric condition. For the example above, you'd run one report for the combination of (D1 AND M1), and another report for the combination of (D2 AND M2). Try to run fewer reports (option a) if possible. However, if running fewer reports results in excessive quota usage for the API, use option b. More information on quota usage is at https://developers.google.com/analytics/blog/2023/data-api-quota-management. ### Hints for `order_bys`: Example order_bys arguments: 1. Order by ascending 'eventName': [ {"dimension": {"dimension_name": "eventName", "order_type": 1}, "desc": false} ] 2. Order by descending 'eventName', ignoring case: [ {"dimension": {"dimension_name": "campaignName", "order_type": 2}, "desc": true} ] 3. Order by ascending 'audienceId': [ {"dimension": {"dimension_name": "audienceId", "order_type": 3}, "desc": false} ] 4. Order by descending 'eventCount': [ {"metric": {"metric_name": "eventValue"}, "desc": true} ] 5. Order by ascending 'eventCount': [ {"metric": {"metric_name": "eventCount"}, "desc": false} ] 6. Combination of dimension and metric order bys: [ {"dimension": {"dimension_name": "eventName", "order_type": 1}, "desc": false}, {"metric": {"metric_name": "eventValue"}, "desc": true}, ] 7. Order by multiple dimensions and metrics: [ {"dimension": {"dimension_name": "eventName", "order_type": 1}, "desc": false}, {"dimension": {"dimension_name": "audienceId", "order_type": 3}, "desc": false}, {"metric": {"metric_name": "eventValue"}, "desc": true}, ] The dimensions and metrics in order_bys must also be present in the report request's "dimensions" and "metrics" arguments, respectively. . It is categorised as a Execute tool in the Google Analytics MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Add a rule in your Intercept YAML policy under the tools section for run_report. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Google Analytics MCP server.
run_report is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the run_report rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for run_report. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
run_report is provided by the Google Analytics MCP server (google-analytics). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept