Runs focused PDF evidence operations behind one V3 tool: inspect, render pages, crop regions, OCR pages, or analyze visual regions.
AI agents call pdf_evidence to retrieve information from Pdf Reader without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
scale | number | — | Render scale for render, crop, OCR, and region analysis operations. |
sources | array | Yes | |
languages | array | — | |
max_pages | integer | — | Maximum pages for render_page or ocr_pages operations. |
operation | object | Yes | Evidence operation to run: inspect, render_page, extract_regions, ocr_pages, or analyze_regions. |
timeout_ms | integer | — | Timeout per OCR page or analyzed region in milliseconds. |
max_regions | integer | — | Maximum regions for extract_regions or analyze_regions operations. |
sample_pages | integer | — | Maximum pages to sample for inspect. Defaults to 5. |
include_image | boolean | — | Return rendered or cropped PNGs as MCP image parts for render_page and extract_regions. |
include_metadata | boolean | — | Include PDF metadata in inspect responses. |
max_output_chars | integer | — | Maximum OCR or visual-provider output characters returned per unit. |
max_pixels_per_page | integer | — | Maximum rendered pixels per page before image-producing operations. |
Parameters from the server's own tool schema.
Despite the multifaceted operations (inspect, render, crop, OCR, analyze), all capabilities are non-destructive information retrieval. Cropping and rendering are display/extraction operations, not data modification. OCR converts visual content to text without altering the source PDF. The sibling tools (read_pdf, search_pdf) confirm this server's read-only purpose.
From the tool's definition Tool performs inspect, render pages, crop regions, OCR pages, or analyze visual regions on PDF files — all read-only operations that retrieve or extract information without modifying data.
Risk signalsAccepts file system path (sources[].path) · Accepts URL/endpoint input (sources[].url) · High parameter count (24 properties)
Attacks that exploit this kind of access
Runs focused PDF evidence operations behind one V3 tool: inspect, render pages, crop regions, OCR pages, or analyze visual regions. It is categorised as a Read tool in the Pdf Reader MCP Server, which means it retrieves data without modifying state.
pdf_evidence accepts 12 parameters: scale, sources, languages, max_pages, operation, timeout_ms, max_regions, sample_pages, include_image, include_metadata, max_output_chars, max_pixels_per_page. Required: sources, operation. The full parameter table on this page comes from the server's own tool schema.
Register the Pdf Reader MCP server in PolicyLayer and add a rule for pdf_evidence: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Pdf Reader. Nothing to install.
pdf_evidence is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the pdf_evidence rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for pdf_evidence. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
pdf_evidence is provided by the Pdf Reader MCP server (@sylphx/pdf-reader-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →