Hacker News

withinboredom, yesterday at 2:49 PM

Bro. It asks for the ability for some random GitHub user to literally take over your private repositories.


Replies

matzehuels, yesterday at 9:30 PM

You’re 100% right to call that out. The current GitHub OAuth scope is too broad.

I’m changing this ASAP to least-privilege and I’ll publish a clear explanation of scopes + data handling. In the meantime: please run the local/CLI path if you want zero-trust.

claar, yesterday at 5:49 PM

Yeah, if it weren't for that, I think this would blow up. Plus, even if you get past that, if you try a larger project, it times out after 1 minute and gives up. But it's a pretty awesome idea!
