| Box | box.ai_extract_structured_from_fields | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Extracts values for a caller-defined field list from a document. |
| Box | box.ai_extract_structured_from_fields_enhanced | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Enhanced field-list extraction with reasoning; same data exposure as base extract. |
| Box | box.ai_extract_structured_from_metadata_template | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Extracts values matching a Box metadata template from a document. |
| Box | box.ai_extract_structured_from_metadata_template_enhanced | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Enhanced metadata-template extraction with reasoning. |
| Box | box.ai_qa_hub | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAHIPAASOC2ISO_27001 | Runs Box AI Q&A across an entire content hub; can summarize regulated content. |
| Box | box.ai_qa_multi_file | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAHIPAASOC2ISO_27001 | Runs Box AI Q&A across several files; can synthesize sensitive content cross-document. |
| Box | box.ai_qa_single_file | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Runs Box AI Q&A against one file; output may contain extracted PII. |
| Box | box.copy_hub | Operations | medium | high | | SOC2ISO_27001 | Duplicates a content hub; creates new exposure surface for included items. |
| Box | box.create_docgen_batch | Operations | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOXCOSOSOC2 | Generates a batch of documents from a template; outputs may contain merged PII or contract data. |
| Box | box.create_docgen_template | Operations | low | high | | SOC2 | Defines a new document-generation template. |
| Box | box.create_file_comment | Operations | low | high | | | Posts a comment on a file. |
| Box | box.create_folder | Operations | low | high | | | Creates a new folder; structural change only. |
| Box | box.create_hub | Operations | low | high | | | Creates a new (initially empty) content hub. |
| Box | box.get_docgen_template_by_id | Data Access | low | high | | | Reads a document-generation template definition. |
| Box | box.get_file_content | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAHIPAASOXCOSOSOC2ISO_27001 | Downloads file contents; arbitrary documents may include PII, PHI, or financial records. |
| Box | box.get_file_details | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIA | Returns file metadata (owner, path, sharing state). |
| Box | box.get_folder_details | Data Access | low | high | | SOC2 | Returns folder metadata and sharing context. |
| Box | box.get_hub_details | Data Access | low | high | | | Returns hub configuration. |
| Box | box.get_hub_items | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists items within a hub; can enumerate regulated content sets. |
| Box | box.list_docgen_templates | Data Access | low | high | | | Enumerates available document-generation templates. |
| Box | box.list_file_comments | Data Access | low | high | | | Reads comments on a file. |
| Box | box.list_folder_content_by_folder_id | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Lists items within a folder; can enumerate sensitive document inventories. |
| Box | box.list_hubs | Data Access | low | high | | | Enumerates content hubs visible to the caller. |
| Box | box.list_item_collaborations | Identity & Access | medium | high | | SOC2ISO_27001 | Reveals who has access to an item; useful for both audit and reconnaissance. |
| Box | box.list_tasks | Operations | low | high | | | Lists Box tasks (review/approval) on items. |
| Box | box.search_files_keyword | Data Access | high | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIAHIPAASOC2ISO_27001 | Full-text search across Box; can surface regulated content the caller has access to. |
| Box | box.search_files_metadata | Data Access | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Searches files by metadata template fields. |
| Box | box.search_folders_by_name | Data Access | low | high | | SOC2 | Locates folders by name. |
| Box | box.update_file_properties | Operations | medium | high | | SOC2ISO_27001 | Modifies file metadata; can rename, retag, or move regulated content. |
| Box | box.update_folder_properties | Operations | medium | high | | SOC2ISO_27001 | Modifies folder metadata; can affect inherited sharing or retention. |
| Box | box.update_hub | Operations | medium | high | | SOC2ISO_27001 | Updates hub metadata or audience configuration. |
| Box | box.upload_file | Operations | medium | high | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2ISO_27001 | Uploads a new file into Box; can introduce regulated data into a managed repository. |
| Box | box.upload_file_version | Operations | medium | high | ⚠ SoD | SOXCOSOSOC2ISO_27001 | Replaces existing file content with a new version; alters records of record. |
| Box | box.who_am_i | Identity & Access | low | high | | | Returns the authenticated Box principal. |
| Braze | braze.call_function | Discovery | medium | medium | | SOC2ISO_27001 | Generic dispatcher to invoke any other Braze MCP function; effective risk depends on the wrapped call. |
| Braze | braze.get_campaign_dataseries | Campaigns | low | high | | | Returns time-series performance metrics for a campaign; aggregate only. |
| Braze | braze.get_campaign_details | Campaigns | low | high | | SOC2 | Reads campaign configuration and copy; reveals targeting logic. |
| Braze | braze.get_campaign_list | Campaigns | low | high | | | Lists marketing campaign metadata; no PII subject identifiers exposed. |
| Braze | braze.get_canvas_data_series | Canvases | low | high | | | Time-series performance for a Canvas; aggregate metrics. |
| Braze | braze.get_canvas_data_summary | Canvases | low | high | | | Summary performance for a Canvas; aggregate metrics. |
| Braze | braze.get_canvas_details | Canvases | low | high | | SOC2 | Reveals journey steps, branching, and audience definitions. |
| Braze | braze.get_canvas_list | Canvases | low | high | | | Lists Canvas (multi-step journey) metadata. |
| Braze | braze.get_catalog_item | Catalogs | low | high | | | Returns a single catalog item record. |
| Braze | braze.get_catalog_items | Catalogs | low | high | | | Lists items within a catalog. |
| Braze | braze.get_catalogs | Catalogs | low | high | | | Lists product or content catalogs. |
| Braze | braze.get_content_blocks_info | Content Blocks & Templates | low | high | | | Returns content block bodies; may include marketing copy. |
| Braze | braze.get_content_blocks_list | Content Blocks & Templates | low | high | | | Lists reusable content blocks. |
| Braze | braze.get_custom_attributes | Custom Attributes | medium | medium | | GDPRUK_GDPRCCPAPIPEDALGPDAPPIPIPLPOPIASOC2 | Reveals custom user-attribute schema; can include sensitive trait names referencing PII fields. |
| Braze | braze.get_dau_data_series | KPIs | low | high | | | Daily active users metric. |
| Braze | braze.get_email_template_info | Content Blocks & Templates | low | high | | | Returns email template body and metadata. |