Critical-risk tools in Apple Shortcuts
15 of the 423 tools in Apple Shortcuts are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_runway_taskDestructiveCancel a pending/running task or delete a completed task. Saves credits if cancelled before completion.
-
delete_custom_voiceDestructiveDelete a custom voice by ID. This is permanent and cannot be undone.
-
delete_emailDestructiveDelete or move an email to trash.
-
delete_eventDestructiveDelete a calendar event.
-
delete_fileDestructiveDelete a file or folder from OneDrive.
-
delete_library_itemDestructiveDelete a file or folder from a SharePoint document library.
-
delete_list_itemDestructiveDelete an item from a SharePoint list.
-
opus_cancel_scheduled_postDestructiveCancel a scheduled social post BEFORE its publishAt time.
-
opus_delete_collectionDestructiveDelete a clip collection.
-
opus_remove_clip_from_collectionDestructiveRemove a clip from a collection.
-
remove_freshdesk_accountDestructiveDisconnect a Freshdesk account. Removes stored credentials for the specified domain.
-
remove_zendesk_accountDestructiveDisconnect a Zendesk account. Removes the stored credentials for the specified subdomain. Use list_zendesk_accounts to see available subdomains.
-
unenrol_talentlms_userDestructiveRemove a user from a course.\n\n
-
outreach_disconnect_accountDestructiveDisconnect an Outreach account. Example: {
-
salesforce_disconnect_accountDestructiveDisconnect a Salesforce account. Example: {
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.