Well, a bot could also just spam the repo full of nonsense proposals. I guess you'd need a repo whitelist/blacklist option, really, in ngit. Then each project could determine how to define that list. I wouldn't put it in the maintainers file, though. Trying to account for malicious actors in each feature is too complicated.