Searches extracted PDF text with page, snippet, bounding-box, and provenance evidence for agent retrieval.
AI agents call search_pdf to retrieve information from Pdf Reader without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
query | string | Yes | Literal text query to search for in extracted PDF text. |
sources | array | Yes | |
max_pages | integer | — | Maximum pages to search per source. Defaults to 100 and is capped at 1000. |
whole_word | boolean | — | Match only whole words using ASCII word boundaries. |
context_chars | integer | — | Context characters to include around each match. Defaults to 120. |
case_sensitive | boolean | — | Use case-sensitive literal matching. |
include_ocr_text_layer | boolean | — | Also search a configured local OCR text layer for selected pages. Disabled by default because it renders pages and runs the OCR provider. |
max_matches_per_source | integer | — | Maximum matches returned per source. Defaults to 50 and is capped at 500. |
Parameters from the server's own tool schema.
This tool searches and queries PDF text to retrieve matching content—a classic Read operation with no side effects. The blast radius is minimal: misuse could only expose existing PDF content to which the agent already has access. No data is created, modified, deleted, or executed.
From the tool's definition Tool 'search_pdf' performs text searching within extracted PDF content, returning 'page, snippet, bounding-box, and provenance evidence.' It retrieves information without modifying or executing operations.
Risk signalsAccepts freeform code/query input (query) · Accepts file system path (sources[].path) · Accepts URL/endpoint input (sources[].url) · High parameter count (11 properties)
Attacks that exploit this kind of access
Searches extracted PDF text with page, snippet, bounding-box, and provenance evidence for agent retrieval. It is categorised as a Read tool in the Pdf Reader MCP Server, which means it retrieves data without modifying state.
search_pdf accepts 8 parameters: query, sources, max_pages, whole_word, context_chars, case_sensitive, include_ocr_text_layer, max_matches_per_source. Required: query, sources. The full parameter table on this page comes from the server's own tool schema.
Register the Pdf Reader MCP server in PolicyLayer and add a rule for search_pdf: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Pdf Reader. Nothing to install.
search_pdf is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the search_pdf rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for search_pdf. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
search_pdf is provided by the Pdf Reader MCP server (@sylphx/pdf-reader-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →