Attach a context source to a prompt. Send the extracted text content directly — useful for adding file contents, documentation, or reference material that should accompany the prompt.
AI agents use add_context_source to create or update resources in PromptingBox MCP Server — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your PromptingBox MCP Server environment.
This tool creates or modifies associations between prompts and context sources by attaching external content to prompts. It is reversible (can be undone by removing the context source) and has no destructive effects. While it modifies state, it does not execute code, delete data, or move funds. The blast radius is limited to prompt metadata/associations, making it Write severity rather than Execute or higher.
From the tool's definition The tool 'attaches' and sends content 'directly' to a prompt, modifying the prompt's associated data by adding context sources. This is a create/modify operation that adds data relationships.
Attacks that exploit this kind of access
Attach a context source to a prompt. Send the extracted text content directly — useful for adding file contents, documentation, or reference material that should accompany the prompt. It is categorised as a Write tool in the PromptingBox MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the PromptingBox MCP Server MCP server in PolicyLayer and add a rule for add_context_source: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches PromptingBox MCP Server. Nothing to install.
add_context_source is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the add_context_source rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for add_context_source. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
add_context_source is provided by the PromptingBox MCP Server MCP server (promptingbox/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →