GitHub MCP Server
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle is classified as suspicious due to its requirement for a highly privileged GitHub Personal Access Token (PAT), potentially with 'repo' scope (full repository access), which grants extensive capabilities including reading, creating, and updating files across repositories. While these capabilities are necessary for the stated purpose of GitHub integration, they introduce a significant attack surface and high potential for misuse if the AI agent is compromised or given malicious instructions. The installation method using `npx -y` also carries a minor risk, though it points to an official package. The `SKILL.md` itself does not contain explicit prompt injection attempts or instructions for malicious actions, but the inherent power of the tools it enables makes it a high-risk component.
