René Mayrhofer 
🇺🇦
HalvarFlakeI wrote some lines about mitigating vibe-coding risks by adopting a development model inspired by old-school computer breakin folks:
https://addxorrol.blogspot.com/2026/03/slightly-safer-vibecoding-by-adopting.html
Jeroen Massar@HalvarFlake > In order to do development, I SSH into that server with key-forwarding for my github keys enabled.
Key-forwarding you will never ever see me enable. It is like copying the private key to that host and giving it full access: like "keeping secrets inside the development VM”
Also note that that key gives the VM, where the evil stuff runs, access to ALL git(hub/lab/etc) repos
Better: on VM: git commit, console: git pull from VM, console: git push.
Yes, one step of extra security….
@HalvarFlake An another alternative, and possibly better model for strictness could be to have a separate git account, solely for that process; then indeed having that secret (ssh key) for that git account and having the forked repo there and doing a cross-repo PR (from dev-account to maint-account) would not be all too bad indeed.
One is effectively making two person reviews with yourself though ;)