The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
https://www.hivepro.com/threat-advisory/apple-shortcuts-secret-threat-to-your-data/
https://thehackernews.com/2024/02/researchers-detail-apples-recent-zero.html?&web_view=true
https://support.apple.com/kb/HT214085
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214082
https://support.apple.com/en-us/HT214061
https://support.apple.com/en-us/HT214060
https://support.apple.com/en-us/HT214059
http://seclists.org/fulldisclosure/2024/Mar/23
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Jan/39