github-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt shows placing a GitHub PAT directly into the MCP config and includes a plaintext webhook secret in example API calls, which would require the agent/LLM to include secret values verbatim in configs/requests (high exfiltration risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP config executes remote code at runtime via npx (npx -y @modelcontextprotocol/server-github) and/or a container image (ghcr.io/modelcontextprotocol/server-github), which will fetch and run external code that can directly control agent behavior.