Github permissions are excessively broad (all orgs, all access, read and write); permissions should be more granular and start with a specific personal private repo