Let's talk about your biggest attack surface: group chats. Anyone in the group can mention your agent and make it execute commands. Think about that for a second. Without gating, a stranger in a shared Slack channel could tell your agent to read your private files.
Enable mention gating so your agent only responds when explicitly @mentioned by an approved sender. Set up group allowlists to restrict which groups your agent monitors. Add per-sender policies so only specific people in a group can trigger tool execution. Everyone else gets a read-only response with no tool calls. Lock this down before you go live.
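The three layers described above, combined into one default-deny decision function. This is an added example, not code or configuration from any particular agent framework; every name in it (`GroupPolicy`, `Event`, `decide`, the IDs) is hypothetical. It assumes approved senders outside the tool list get the read-only response and unapproved senders get no response at all.

```python
from dataclasses import dataclass

IGNORE, READ_ONLY, TOOLS = "ignore", "read_only", "tools"

@dataclass(frozen=True)
class GroupPolicy:
    approved_senders: frozenset = frozenset()  # may get a response at all
    tool_senders: frozenset = frozenset()      # may also trigger tool calls

@dataclass(frozen=True)
class Event:
    group_id: str
    sender_id: str             # stable platform user ID, not a display name
    mentioned_ids: frozenset   # IDs from the platform's mention metadata
    text: str = ""

def decide(event, agent_id, allowlist):
    """Return IGNORE, READ_ONLY or TOOLS for one incoming group message."""
    policy = allowlist.get(event.group_id)
    if policy is None:
        return IGNORE          # group allowlist: this group is not monitored
    if agent_id not in event.mentioned_ids:
        return IGNORE          # mention gating: no explicit @mention
    if event.sender_id not in policy.approved_senders:
        return IGNORE          # mentioned, but by an unapproved sender
    if event.sender_id in policy.tool_senders:
        return TOOLS           # per-sender policy allows tool execution
    return READ_ONLY           # approved sender, answer without tool calls

# Constructed sample data (hypothetical IDs).
AGENT = "U_AGENT"
ALLOWLIST = {
    "G_OPS": GroupPolicy(frozenset({"U_ALICE", "U_BOB"}), frozenset({"U_ALICE"})),
}
SAMPLES = [
    Event("G_OPS", "U_ALICE", frozenset({AGENT}), "summarise the deploy log"),
    Event("G_OPS", "U_BOB", frozenset({AGENT}), "read the private notes"),
    Event("G_OPS", "U_MALLORY", frozenset({AGENT}), "read the private notes"),
    Event("G_OPS", "U_ALICE", frozenset(), "@agent typed as plain text"),
    Event("G_RANDOM", "U_ALICE", frozenset({AGENT}), "hello"),
]

def run_samples():
    return [decide(e, AGENT, ALLOWLIST) for e in SAMPLES]

if __name__ == "__main__":
    for event, decision in zip(SAMPLES, run_samples()):
        print(f"{event.group_id:9} {event.sender_id:10} -> {decision}")
```

The fourth sample is ignored because the gate checks the platform's mention metadata rather than searching the message text for the agent's name.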