Well, first of all, as a public company, Slack is held to extremely well regulated security protocols to ensure this never happens, so we get the benefit of that out of the box.
Additionally, we require the user to associate their Slack user to their CTO.ai account using a secure authentication layer that has dependencies outside of Slack.
Theoretically, if a Slack employee were to try to execute a workflow, we would be able to see that they don't have this privilege and flag / reject that request because they wouldn't have the CTO.ai associated membership.
At this point, it's just as secure as any web application or even CLI, which have better understood virtual and physical attack vectors. We take it a step further by ensuring that tokens MUST be vaulted, avoiding the chance that you leak them through a lost laptop or public commit.
We're also looking at 2FA for some of our enterprise use cases and have been working on a deeper integration with Slack Enterprise Grid, which makes this even more secure.
Are there additional approaches you'd recommend we take here?