Generate a skill-proficiency assessment (MCQs) for a learner. You provide a skill, target proficiency, number of questions, and the work item the learner is preparing for. Unfold returns the questions with multiple-choice options, a signed assessment_token, and a proficiency band map. The learner...
AI agents call generate_skill_assessment to retrieve information from Unfold It MCP Server without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
The tool generates and retrieves assessment questions along with a signed token — it is fundamentally a data retrieval/generation operation with no side effects. It does not create persistent records, modify state, execute code, or perform destructive actions. The output (questions + token) is consumed by the caller's UI for a subsequent scoring step.
From the tool's definition Generate a skill-proficiency assessment (MCQs) for a learner... Unfold returns the questions with multiple-choice options, a signed assessment_token, and a proficiency band map.
Attacks that exploit this kind of access
Generate a skill-proficiency assessment (MCQs) for a learner. You provide a skill, target proficiency, number of questions, and the work item the learner is preparing for. Unfold returns the questions with multiple-choice options, a signed assessment_token, and a proficiency band map. The learner answers in your UI; then call score_skill_assessment with the token and answers. Questions are AI-generated and validated (structural + semantic) before being returned. The assessment_token is HMAC-signed and tamper-proof; it contains the answer key AND per-question facet labels (since v0.7.0) so scoring is stateless and deterministic, and score returns per-facet aggregation without you doing any client-side joins. CHAINING: - work_item_context is the strongest grounding signal: questions get anchored to it instead of being generic textbook items. Pass title + description whenever you have them. - The same work_item_context flows through to score_skill_assessment. It is categorised as a Read tool in the Unfold It MCP Server MCP Server, which means it retrieves data without modifying state.
Register the Unfold It MCP Server MCP server in PolicyLayer and add a rule for generate_skill_assessment: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Unfold It MCP Server. Nothing to install.
generate_skill_assessment is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the generate_skill_assessment rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for generate_skill_assessment. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
generate_skill_assessment is provided by the Unfold It MCP Server MCP server (unfold-it/unfoldit-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →