It was possible to overwrite Git configuration remotely and override some of its behavior.

Thanks to Jason Marcello for responsible disclosure.