dlubarov 2 days ago

In Zcash a quantum attacker could include invalid transactions with forged proofs, but I'm not sure they could actually break Zcash's privacy properties?

I'd need to review the design details more to say for sure, but e.g. from what I recall Pedersen hashes are used in the commitment tree, but not for nullifiers. Those use BLAKE hashes (which are plausibly post-quantum secure), IIRC.

There's also the underlying prover layer, but many proof systems actually have information-theoretic zero-knowledge properties (assuming a suitable source of randomness), even if their soundness guarantees are based on assumptions like DLP.
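As an added illustration of the distinction the comment leans on (example code written for this page, not dlubarov's and not Zcash's implementation; the group parameters and the trapdoor value are toy assumptions): a Pedersen commitment stays perfectly hiding even against an attacker who can solve discrete logs, while its binding collapses, which is exactly "forged proofs but privacy intact".

```python
# Toy Pedersen commitment over a tiny prime-order subgroup: a discrete-log
# solver (think Shor on a real-size curve) lets an attacker forge openings,
# so binding is only computational, yet learns nothing about the committed
# value, because hiding is information-theoretic. Constructed parameters only.
P = 23          # modulus; its quadratic residues form a subgroup of prime order Q
Q = 11          # order of that subgroup, (P - 1) // 2
G = 4           # generator of the order-Q subgroup
TRAPDOOR_X = 7  # log_G(H); a real setup must ensure nobody knows this
H = pow(G, TRAPDOOR_X, P)


def commit(value: int, blind: int) -> int:
    """Pedersen commitment C = G^value * H^blind (mod P)."""
    return (pow(G, value % Q, P) * pow(H, blind % Q, P)) % P


def openings_for(c: int, value: int) -> list[int]:
    """All blinding factors r with commit(value, r) == c. Perfect hiding:
    every candidate value has exactly one, so c reveals nothing about the
    value regardless of the observer's computing power."""
    return [r for r in range(Q) if commit(value, r) == c]


def solve_dlog(base: int, target: int) -> int:
    """Brute-force log_base(target); in this toy group it stands in for a
    quantum discrete-log oracle against a cryptographically sized group."""
    for x in range(Q):
        if pow(base, x, P) == target:
            return x
    raise ValueError("target not in subgroup")


def forge_opening(value: int, blind: int, new_value: int) -> tuple[int, int]:
    """From a genuine opening and log_G(H), build a second opening of the
    same commitment: the binding failure that lets proofs be forged."""
    x = solve_dlog(G, H)
    # need value + x*blind == new_value + x*new_blind  (mod Q)
    new_blind = (blind + (value - new_value) * pow(x, -1, Q)) % Q
    return new_value, new_blind


def demo() -> dict:
    c = commit(5, 3)
    v2, r2 = forge_opening(5, 3, 9)
    return {
        "commitment": c,
        "forged_opens_same_commitment": commit(v2, r2) == c,
        "hiding_holds": all(len(openings_for(c, v)) == 1 for v in range(Q)),
    }
```

Run `demo()`: the forged opening verifies against the same commitment, while every one of the Q candidate values has exactly one consistent blinding factor, so an observer with unlimited compute still cannot tell which was committed.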