GitHub Agentic Workflows MCP Configuration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is strictly educational/documentation-based, providing configuration patterns and implementation guides for the Model Context Protocol.
- [COMMAND_EXECUTION]: Examples demonstrate the use of
child_process.spawnandexecSyncfor managing local MCP server processes. These are intended behaviors for the described system and are triggered by local configuration files. - [CREDENTIALS_UNSAFE]: The guide correctly uses placeholders (e.g.,
${{ secrets.GITHUB_TOKEN }},${MCP_API_TOKEN}) for sensitive information, demonstrating secure configuration practices. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network operations (HTTP/SSE) are clearly documented as part of the MCP transport protocols.
Audit Metadata