GitHub (Composio MCP)
Composio-hosted MCP server exposing GitHub repos, issues, PRs, and Actions as authenticated tools for AI agents.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for GitHub (Composio MCP), derived from its capabilities.
AIVSS 8.1 · High
Overview
A managed MCP integration that lets an AI agent read and write GitHub data over OAuth: create and list issues and pull requests, comment, manage branches, search code, and trigger workflows. Composio handles the token exchange and scopes. The security surface includes broad repo write scopes, tool output that can carry prompt-injection payloads from issue/PR text, and credential exposure via the connected account.
Key features
- Issue and pull-request create/update/comment
- Repo, branch, and code search
- OAuth-managed connected account
- Actions/workflow triggering
Use cases
- Agent triages and labels issues
- Automated PR review and comment