From the 2026-05-06 security review.

Risk: public shortlink creation can be abused for trusted-domain phishing / KV exhaustion, and issue creation can be abused for GitHub issue spam if Turnstile is absent or optional.

Suggested work:
- Rate-limit shortlink creation and issue creation.
- Require Turnstile in production issue submissions.
- Allowlist issue labels.
- Add revocation/reporting for abusive shortlinks.
- Consider external-link interstitials for nthumods.com/l redirects to non-NTHUMods domains.
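
One way to express three of the suggested items (Turnstile required in production, the label allowlist, and the interstitial decision for /l redirects), as an added example that is not NTHUMods code. The function names, the label values and the `production` / `turnstileVerified` inputs are assumptions; `turnstileVerified` stands for the result of a server-side Turnstile verification done elsewhere.

```javascript
// Added example; names, label values and input fields are assumptions.
const FIRST_PARTY = "nthumods.com";                  // domain named in the issue
const ALLOWED_LABELS = new Set(["bug", "feedback"]); // hypothetical allowlist

// Decide how a /l redirect should treat a stored target URL:
// "direct" for first-party hosts, "interstitial" for any other web host,
// "reject" for unparsable targets and non-web schemes.
function classifyRedirect(target) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return "reject";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "reject";
  // Compare the parsed hostname, never a substring of the raw string, so
  // "nthumods.com.evil.example" and "nthumods.com@evil.example" do not pass.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const firstParty = host === FIRST_PARTY || host.endsWith("." + FIRST_PARTY);
  return firstParty ? "direct" : "interstitial";
}

// Gate an issue submission before anything is sent to the GitHub API.
function checkIssueSubmission({ production, turnstileVerified, labels }) {
  // In production a missing or failed Turnstile check is a hard failure.
  if (production && turnstileVerified !== true) {
    return { ok: false, reason: "turnstile_required", labels: [] };
  }
  // Keep only labels on the allowlist; client-supplied extras are dropped.
  const kept = (Array.isArray(labels) ? labels : []).filter(
    (l) => typeof l === "string" && ALLOWED_LABELS.has(l)
  );
  return { ok: true, reason: null, labels: kept };
}
```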