genome_download_by_taxon
AI agents call genome_download_by_taxon to retrieve information from Ncbi Datasets without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
Despite the word 'download' in the name, this tool retrieves genome data by taxonomic classification from NCBI—a read-only operation. The empty description lowers confidence slightly, but context from the server purpose (search and retrieve without side effects) and sibling tools strongly indicates data retrieval rather than code execution or modification.
From the tool's definition Tool name contains 'download' and is part of a data retrieval suite (NCBI Datasets). Sibling tools include 'genome_summary_by_taxon' and 'taxonomy_download', which are clearly Read operations.
Attacks that exploit this kind of access
genome_download_by_taxon. It is categorised as a Read tool in the Ncbi Datasets MCP Server, which means it retrieves data without modifying state.
Register the Ncbi Datasets MCP server in PolicyLayer and add a rule for genome_download_by_taxon: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Ncbi Datasets. Nothing to install.
genome_download_by_taxon is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the genome_download_by_taxon rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for genome_download_by_taxon. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
genome_download_by_taxon is provided by the Ncbi Datasets MCP server (syntheticgio/ncbi-datasets-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →