Summary
Ship a Slack profile and starter pack with rules targeting common agent-in-Slack risks: broadcast mentions, sensitive topics, DM spam, and channel scope.
Profile: profiles/slack.yaml
```yaml
name: slack
aliases:
  channel: "params.channel"
  text: "params.text"
  thread: "params.thread_ts"
  recipient: "params.user"
```
Starter Pack: starter-packs/slack-safe-defaults.yaml
```yaml
name: slack-safe-defaults
profile: slack
rules:
  - name: no-broadcast-mentions
    match:
      operation: "send_message"
      when: "text.matches('<!here>|<!channel>|<!everyone>')"
    action: deny
    message: "Broadcast mentions (@here, @channel, @everyone) are not permitted."
  - name: no-sensitive-topics
    match:
      operation: "send_message"
      when: >
        containsAny(text, ['acquisition', 'merger', 'LOI', 'term sheet',
        'layoff', 'RIF', 'reorg'])
    action: deny
    message: "Message contains sensitive business terms. Send manually."
  - name: no-dm-spam
    match:
      operation: "send_message"
      when: >
        has(recipient)
        && rateCount('slack:dm:' + context.agent_id, '1h') > 20
    action: deny
    message: "DM rate limit exceeded. Maximum 20 direct messages per hour."
  - name: message-rate
    match:
      operation: "send_message"
      when: "rateCount('slack:msg:' + context.agent_id, '1h') > 60"
    action: deny
    message: "Message rate limit exceeded. Maximum 60 messages per hour."
  - name: audit-all
    match:
      operation: "*"
    action: log
```
Notes
- Slack token scopes already restrict channel access — Keep adds parameter-level filtering that tokens don't support (message content, mention patterns)
- Rate limits are conservative starting points; users override via pack overrides
- Include fixture tests covering: allow normal message, deny @here, deny sensitive topic, rate limit trigger
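
The fixture cases listed in the notes, worked through as an added example (not code from the Keep project or its test harness). `PackModel` and `run_fixtures` are hypothetical names, and the model assumes rules are checked in pack order with the first deny winning, that `containsAny` is a case-sensitive substring test, and that `rateCount` includes the current call.

```python
import re
from collections import defaultdict, deque

# Stand-alone model of slack-safe-defaults (assumed semantics, not Keep's engine):
# rules are checked in pack order, first deny wins, containsAny is a
# case-sensitive substring test, and rateCount includes the current call.
BROADCAST = re.compile(r"<!here>|<!channel>|<!everyone>")
SENSITIVE = ["acquisition", "merger", "LOI", "term sheet", "layoff", "RIF", "reorg"]
WINDOW_SECONDS = 3600  # the '1h' window used by both rate rules


class PackModel:
    def __init__(self):
        self.hits = defaultdict(deque)  # counter key -> timestamps in window

    def rate_count(self, key, now):
        q = self.hits[key]
        q.append(now)
        while q[0] <= now - WINDOW_SECONDS:  # drop hits older than the window
            q.popleft()
        return len(q)

    def send_message(self, agent_id, params, now):
        text = params.get("text", "")
        if BROADCAST.search(text):
            return ("deny", "no-broadcast-mentions")
        if any(term in text for term in SENSITIVE):
            return ("deny", "no-sensitive-topics")
        # has(recipient): the profile aliases recipient to params.user
        if "user" in params and self.rate_count("slack:dm:" + agent_id, now) > 20:
            return ("deny", "no-dm-spam")
        if self.rate_count("slack:msg:" + agent_id, now) > 60:
            return ("deny", "message-rate")
        return ("allow", None)


def run_fixtures():
    """Constructed fixture inputs; timestamps are seconds on a fake clock."""
    pack = PackModel()
    out = {
        "normal": pack.send_message("agent-1", {"channel": "C1", "text": "Build passed"}, 0),
        "here": pack.send_message("agent-1", {"channel": "C1", "text": "<!here> deploy"}, 1),
        "sensitive": pack.send_message("agent-1", {"channel": "C1", "text": "Draft term sheet attached"}, 2),
    }
    dms = [pack.send_message("agent-2", {"user": "U1", "text": "ping"}, t) for t in range(21)]
    out["dm_20"], out["dm_21"] = dms[19], dms[20]
    out["dm_next_hour"] = pack.send_message("agent-2", {"user": "U1", "text": "ping"}, 3621)
    return out
```

The DM cases pin down the boundary: the 20th message in an hour is allowed, the 21st is denied, and sending resumes once the earlier hits age out of the window.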