Critical-risk tools in GitHub
6 of the 256 tools in GitHub are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- action (Destructive): Action to perform: ignore, watch, or delete the repository notification subscription. (string, required)
- delete_file (Destructive): Delete file
- force (Destructive): Force removal even if worktree is dirty or locked (optional, default: false) (boolean, optional)
- git_reset (Destructive): Git reset
- git_worktree_remove (Destructive): Git worktree remove
- updated_field (Destructive): Object consisting of the ID of the project field to update and the new value for the field. To clear the field, set value to null. Example: {"id": 123456, "value": "New Value"}....
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.