AI agents use wb_submit to create or update resources in Workbench — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Workbench environment.
该工具的核心行为是创建待审文档记录并触发审批流程,属于Write范畴(创建/修改数据)而非Execute(因其不执行任意代码),也非Destructive(文档仍可修改或撤回)。严重程度为高,因为错误提交可能污染审批队列、影响多角色工作流、或将未经验证的工作制品推进到下游。信心度0.85源于中文描述的清晰性,但缺乏参数/返回值细节。
From the tool's definition wb_submit 名称含'submit',描述'契约文档送审(进入用户待审队列)'表明该工具创建或修改可审核的文档实体,将其置入工作流队列。这是不可逆的状态转移,且与同级的 wb_audit、wb_dispute、wb_claim、wb_feedback 构成多角色审批流水线的一部分。
Attacks that exploit this kind of access
契约文档送审(进入用户待审队列). It is categorised as a Write tool in the Workbench MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Workbench MCP server in PolicyLayer and add a rule for wb_submit: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Workbench. Nothing to install.
wb_submit is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the wb_submit rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for wb_submit. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
wb_submit is provided by the Workbench MCP server (nvrenshiren/workbench). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
wb_submit is one line of Workbench's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →