Download an attachment from Redmine and save it to a local file Args: attachment_id: The ID of the attachment to download save_path: Fully qualified path where the file should be saved to (must be within REDMINE_ALLOWED_DIRECTORIES) filename: Optional filename to use for the attachment. If not pr...
AI agents call redmine_download to retrieve information from MCP Redmine without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves and downloads an existing attachment—a read operation. While it writes to local disk, this is a side effect of retrieval, not data modification in Redmine. The blast radius is low: misuse downloads unintended files locally, posing information disclosure or storage risks, but cannot modify, delete, or execute code. The path constraint (REDMINE_ALLOWED_DIRECTORIES) further limits impact.
From the tool's definition Tool description states 'Download an attachment from Redmine and save it to a local file'. The parameters (attachment_id, save_path, filename) and return value (download status, file path) indicate retrieval of existing data with no modification of Redmine…
Documented attack patterns abuse exactly the kind of access redmine_download gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Redmine, and nothing reaches the server without passing your rules. This is the rule we recommend for redmine_download:
{
"version": "1",
"default": "deny",
"tools": {
"redmine_download": {}
}
}redmine_download is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Download an attachment from Redmine and save it to a local file Args: attachment_id: The ID of the attachment to download save_path: Fully qualified path where the file should be saved to (must be within REDMINE_ALLOWED_DIRECTORIES) filename: Optional filename to use for the attachment. If not provided, will be determined from attachment data or URL Returns: str: YAML string containing download status, file path, and any error messages. It is categorised as a Read tool in the MCP Redmine MCP Server, which means it retrieves data without modifying state.
Register the MCP Redmine MCP server in PolicyLayer and add a rule for redmine_download: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Redmine. Nothing to install.
redmine_download is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the redmine_download rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for redmine_download. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
redmine_download is provided by the MCP Redmine MCP server (runekaagaard/mcp-redmine). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 4 MCP Redmine tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4 MCP Redmine tools catalogued and risk-classified — across an index of 42,500+ MCP servers.