Hacker News | tjbecker's comments

This is fair, and we will gladly share the extraordinary evidence as soon as we can.

If you're curious, we have already released the full traces of finding a sqlite3 0day with an early version of Xint Code (submitted to the AIxCC competition and now open sourced): https://theori.io/blog/exploring-traces-63950


In the commenter's defense, it's reasonable to be skeptical about the level of autonomy claimed in the post.

We are very eager to share more evidence (including the raw inputs and output artifacts for these bugs) and will absolutely do so as soon as we can.


> Sure, but that isn’t the user’s fault, and they’re the ones who are going to get attacked.

This is true, but the responsibility to protect these users is ultimately on Slack, not the researcher. If Slack's bounties are nowhere near competitive with black market prices, they are failing to protect their users and should be called out on it.

