What we don't know is whether they're already sharing UTXOs with external companies before each and every CoinJoin. There has been no confirmation or denial of this information, yet.
It's already in their legal documentation, so you can only assume it is already happening:
zkSNACKs Ltd. may execute illicit activity checking and control via a contracted third party solely in its CoinJoin coordination services. zkSNACKs Ltd. may suspend your UTXOs’ access to the CoinJoin services, with immediate effect for any reason - including but not limited to illicit or prohibited activities, applicable sanctions programs, or any crime or money-laundering activity - at its sole discretion and is under no obligation to disclose the details of its decision to take such action with you. In this case you are not permitted to use the relevant/high-risk bitcoin UTXO to reach the CoinJoin services.
You acknowledge that zkSNACKs Ltd.'s decision to take certain actions, including suspending for any reason at our sole discretion, may be based on confidential criteria that are essential to zkSNACKs Ltd.'s risk management and security protocols. You agree that zkSNACKs Ltd. is under no obligation to disclose the details of its risk management and security procedures to you.
Your access with the relevant bitcoin UTXOs to the CoinJoin services will be permanently suspended.
a statement about the presence of a blacklist in coinjoin will discourage scammers from using the protocol
To effectively run a blacklist, you must first check
every input to decide which ones you are going to censor. This invades
everyone's privacy. The presence of a blacklist will discourage anyone who is serious about privacy from using the service, not just scammers.