Your AI Agent Has Push Access to Every Repo

Your coding agent just merged a pull request to main, deleted three files it thought were unused, and created a new repository called temp-debug-workspace. You didn't ask it to do any of that. But you gave it access to the GitHub MCP server, and the GitHub MCP server said yes to everything.

What the GitHub MCP server exposes

The official GitHub MCP server registers 83 tools. Most people set it up for reading code and managing issues. What they don't realise is they've also handed their agent the keys to:

delete_file — permanently remove files from a repository

merge_pull_request — merge PRs without human review