We are moving towards a place where ticketing systems will become an important component to protect, akin to CI/CD.

Tickets are a new source of untrusted input we need to account for when threat modeling against prompt injections.

Ghostty only allows maintainers to create issues, seems to me they figured out a cheap and pragmatic security policy by accident.