The problem with ANY third party app is that you (or the company) don't know for sure what the underlying code is doing. Whether or not you're logged on has nothing to do with it, most such apps run in the background at all times anyway. To a software engineer, there's no inherent difference between a bot, password manager, or any other app... they all have a bunch of code which does stuff. Unless it's open source, the users have no insight whatsoever into the code details.
A perfectly legit app could have a code error which creates an exploit, that neither you nor the app vendor know about until it's too late. That includes password managers...
https://www.cloaked.com/post/the-top...issues-to-date
Some apparently "legit" apps have been known to have deliberate, covert functionality for various non-benign, obscure purposes.
https://www.theverge.com/24343913/pa...affiliate-fees
If your credentials got used to hack company systems, that would not reflect well on you. I suspect they'd let it slide if you were using a password manager, since those are actually intended to increase your security by allowing strong passwords that you wouldn't otherwise remember. Especially the password managers built into browsers. But technically, they could throw the book at you, per company policy.