| Gusto | gusto.list_employee_work_addresses | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Reads employee work address assignments. |
| Gusto | gusto.list_employee_terminations | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists termination records; sensitive HR data subject to discrimination/wrongful-termination concerns. |
| Gusto | gusto.list_employee_jobs | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists jobs an employee holds; reveals role and assignment history. |
| Gusto | gusto.list_employee_home_addresses | Employees | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Reads employee home addresses; directly identifying personal data. |
| Gusto | gusto.list_employee_employment_history | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reads an employee's historical employment record. |
| Gusto | gusto.list_employee_custom_fields | Employees | medium | medium | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reads custom HR fields on employees; content varies by company configuration and may include sensitive data. |
| Gusto | gusto.list_company_time_sheets | Time Tracking | medium | high | | SOXCOSOGDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists submitted timesheets; basis for hourly payroll and labor-cost reporting. |
| Gusto | gusto.list_company_payrolls | Payroll | high | high | | SOXCOSOGLBASOC2ISO_27001GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Lists payroll runs; aggregate compensation, taxes, and disbursement totals are core financial-reporting inputs. |
| Gusto | gusto.list_company_pay_schedules | Payroll | low | high | | SOXCOSO | Lists pay schedules configured at the company. |
| Gusto | gusto.list_company_pay_schedule_assignments | Payroll | low | high | | SOXCOSO | Lists which employees are assigned to which pay schedules. |
| Gusto | gusto.list_company_pay_periods | Payroll | low | high | | SOXCOSO | Lists pay periods on the company's calendar. |
| Gusto | gusto.list_company_locations | Company & Organization | low | high | | | Lists work locations associated with a company. |
| Gusto | gusto.list_company_employees | Employees | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAGLBASOC2ISO_27001 | Bulk read of employee roster including PII held by a US payroll provider. |
| Gusto | gusto.list_company_earning_types | Payroll | low | high | | SOXCOSO | Lists earning types configured at the company (regular, bonus, commission, etc.). |
| Gusto | gusto.list_company_departments | Company & Organization | low | high | | | Lists departments within a company. |
| Gusto | gusto.list_company_custom_fields_schema | Utility | low | high | | | Reads the schema definition of company-defined custom fields. |
| Gusto | gusto.list_company_contractors | Contractors | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAGLBASOC2 | Lists contractors and their PII (1099-style records). |
| Gusto | gusto.list_company_contractor_payments | Contractors | high | high | | SOXCOSOGLBASOC2ISO_27001 | Reads contractor payment history; financial-record exposure relevant to revenue and tax controls. |
| Gusto | gusto.list_company_contractor_payment_groups | Contractors | medium | high | | SOXCOSOSOC2 | Lists batched contractor-payment groups. |
| Gusto | gusto.get_token_info | Utility | low | high | | SOC2 | Returns metadata about the OAuth token used for the connection. |
| Gusto | gusto.get_time_sheet | Time Tracking | medium | high | | SOXCOSOGDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reads a single timesheet record. |
| Gusto | gusto.get_payroll | Payroll | high | high | | SOXCOSOGLBASOC2ISO_27001GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Reads a single payroll run including per-employee gross/net and tax detail. |
| Gusto | gusto.get_pay_schedule | Payroll | low | high | | SOXCOSO | Reads a single pay schedule. |
| Gusto | gusto.get_location | Company & Organization | low | high | | | Reads a single work location's details. |
| Gusto | gusto.get_job | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reads a single employee job record. |
| Gusto | gusto.get_gusto_employee | Employees | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAGLBASOC2ISO_27001 | Reads a single employee's PII record (SSN-adjacent profile, contact, employment status). |
| Gusto | gusto.get_employee_work_address | Employees | low | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Reads a single work address record. |
| Gusto | gusto.get_employee_rehire | Employees | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reads a rehire record for an employee. |
| Gusto | gusto.get_employee_home_address | Employees | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Reads a specific employee home address. |
| Gusto | gusto.get_department | Company & Organization | low | high | | | Reads a single department's details. |
| Gusto | gusto.get_contractor_payment_group | Contractors | medium | high | | SOXCOSOSOC2 | Reads a single contractor payment group. |
| Gusto | gusto.get_contractor_payment | Contractors | high | high | | SOXCOSOGLBASOC2ISO_27001 | Reads a single contractor payment. |
| Gusto | gusto.get_contractor | Contractors | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAGLBASOC2 | Reads a single contractor's profile and tax-relevant data. |
| Gusto | gusto.get_compensation | Employees | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOXCOSOSOC2ISO_27001 | Reads a single compensation record (salary, rate, currency). |
ⓘ | Guru | guru.update_card | Knowledge | medium | medium | ⚠ SoD | SOC2ISO_27001 | Modifies an existing Guru card; changes the source of truth employees rely on for policy and procedure. |
ⓘ | Guru | guru.search_content | Knowledge | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Searches Guru content; can surface internal documentation including HR, security, and customer data. |
ⓘ | Guru | guru.list_knowledge_agents | Knowledge | low | high | | | Enumerates Knowledge Agents available in the workspace. |
ⓘ | Guru | guru.create_card_draft | Knowledge | low | high | | | Drafts a new Guru card; visible to authors as a draft, not auto-published. |
ⓘ | Guru | guru.ask_question | Knowledge | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Generates an answer grounded in Guru cards and connected sources (Slack, Drive, Confluence); answers may include policy data, customer info, or other regulated content. |
| Granola | granola.query_granola_meetings | Meeting Intelligence | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Conversational Q&A over meeting notes; answers may surface confidential discussions, customer PII, or material non-public information. |
| Granola | granola.list_meetings | Meeting Intelligence | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists meetings with titles, dates, and attendees; titles alone can reveal sensitive context (M&A, layoffs). |
| Granola | granola.list_meeting_folders | Meeting Intelligence | low | high | | SOC2 | Lists folders the user is a member of. |
| Granola | granola.get_meetings | Meeting Intelligence | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Returns full meeting notes (private and enhanced) for specified IDs; exposes verbatim internal discussions. |
| Granola | granola.get_meeting_transcript | Meeting Intelligence | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Returns the verbatim transcript of a meeting; raw recording of private business conversations may include PII or PHI. |
| Granola | granola.get_account_info | Meeting Intelligence | low | high | | | Returns the connected user's email and workspace identifier. |
| Google Drive | google-drive.search_files | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Searches across the user's Drive; can surface regulated documents the agent wasn't intended to see. |
| Google Drive | google-drive.read_file_content | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Pulls a Drive file's contents into the agent context; high exposure if the file contains PII, financial, or regulated data. |
| Google Drive | google-drive.list_recent_files | Data Access | low | high | | SOC2 | Lists files recently touched by the user. |
| Google Drive | google-drive.get_file_permissions | Data Access | low | high | | SOC2 | Reads who has access to a file. |
| Google Drive | google-drive.get_file_metadata | Data Access | low | high | | SOC2 | Reads metadata (name, owner, mtime) for a single file. |