slack-sync
Audited by Socket on Mar 1, 2026
1 alert found:
Obfuscated File

This file is an operational documentation/skill for aggregating Slack activity via an internal MCP server. It is not executable code and contains no direct signs of malware or remote-exec behavior. Primary risks are operational and privacy-focused: centralizing Slack access through composio-config concentrates sensitive messages and credentials; hard-coded internal IDs and org-chart lookups expose PII mapping risks; and aggregated outputs may leak revenue-sensitive information if stored or forwarded insecurely. Recommended mitigations: validate and restrict composio-config's privileges and audit trail, apply least-privilege channel access, implement redaction and retention policies for exported reports, store channel/user IDs in protected configuration rather than docs, and limit/report which downstream systems can receive the outputs.