Do you have the ability to use/create a personal access token, or to get API access? This seems like the type of thing that an external script that could query the instance would be able to do, especially because the user would already have access to the channel, and would be able to read messages without needing additional permissions, as long as you have API access, etc. Just a thought!