If GitHub is to be used as a trusted source, it's best to host the whole UI from there. The other domains could always make it not use GitHub and re-prompt your nsec, or use it in a manner you did not authorize, etc.
That said, it's a cool project — nostr apps would benefit from OS / browser level integration that takes care of key management, event storage and relay connections without every app having to do it.
Replies (1)
> [...] The other domains could always make it not use GitHub and re-prompt your nsec [...]
I'm sure you know it, but just to make it clear for future readers, the browser automatically isolates passkey storage (and storage in general) by domain. If 44billion.net changes the login iframe to a malicious URL, the nsecs won't be there. Nothing bad happens per se.