Thank you all for the feedback!!!
This is indeed a problem that also @zimbatm mentioned when we spoke. bors delegate= is sticky. So a malicious actor could hijack an initially innocuous PR easily.
Bors-NG has a vibrant RFC process for exactly this.
I tend to conclude, though, that this particular steam engine’s endeavour needs to be decoupled from such more involved discussions about the trust model. I even suggested to interested parties to constitute a SIG Trust model to develop a general and overall consistent perspective on the topic which SIG Workflow automation happily could process as an input.