github-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official GitHub MCP server image hosted on the GitHub Container Registry (ghcr.io/github/github-mcp-server), which is a well-known and trusted service.
- [SAFE]: Sensitive data management follows industry standards by using the GITHUB_PERSONAL_ACCESS_TOKEN environment variable for authentication, avoiding hardcoded secrets.
- [SAFE]: Technical analysis of the provided Node.js scripts (main.cjs, pre-execute.cjs, and post-execute.cjs) confirms they are standard boilerplate utilities with no malicious logic, unauthorized file access, or network exfiltration.
- [SAFE]: No patterns of prompt injection, obfuscation, or persistence mechanisms were detected in the instructions or metadata.
Audit Metadata