Prepares a leave request payload before submission. IMPORTANT: reason (사유) is required by company policy for ALL leave types — never omit it. If the user has not provided a reason, ask them before calling this tool. Do not infer missing leave fields from past records. If leave type is missing, as...
AI agents use leave.prepare_request to create or update resources in Tlc Portal — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Tlc Portal environment.
This tool creates/prepares a vacation request payload that will be submitted. It is a preparatory write step before actual submission — it constructs structured data for a leave request. It does not execute or submit it (that's leave.submit_prepared_request), and it's not destructive or financial. It fits Write as it creates a request payload.
From the tool's definition Prepares a leave request payload before submission
Attacks that exploit this kind of access
Prepares a leave request payload before submission. IMPORTANT: reason (사유) is required by company policy for ALL leave types — never omit it. If the user has not provided a reason, ask them before calling this tool. Do not infer missing leave fields from past records. If leave type is missing, ask the user using the Korean labels first, not raw codes alone: 종일휴가, 오전반차, 오후반차, 인정휴가, 인정오전반차, 인정오후반차. It is categorised as a Write tool in the Tlc Portal MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Tlc Portal MCP server in PolicyLayer and add a rule for leave.prepare_request: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tlc Portal. Nothing to install.
leave.prepare_request is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the leave.prepare_request rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for leave.prepare_request. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
leave.prepare_request is provided by the Tlc Portal MCP server (mingovvv/tlc-portal-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →