Add a comment to an existing GitHub issue using configured repo defaults when available.
AI agents use comment_on_issue to create or update resources in Universal Mcp Toolkit — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Universal Mcp Toolkit environment.
This tool creates new data (a comment) on a GitHub issue, which is a Write operation. It is not Destructive because comments are editable and deletable. Severity is medium because commenting on issues could be misused to spam, harass, or inject misleading information into project discussions, but the impact is limited to metadata/communication rather than code or infrastructure.
From the tool's definition Tool name 'comment_on_issue' and description 'Add a comment to an existing GitHub issue' indicates creation of new comment data on GitHub. This is a reversible write operation—comments can be edited or deleted.
Attacks that exploit this kind of access
Add a comment to an existing GitHub issue using configured repo defaults when available. It is categorised as a Write tool in the Universal Mcp Toolkit MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Universal Mcp Toolkit MCP server in PolicyLayer and add a rule for comment_on_issue: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Universal Mcp Toolkit. Nothing to install.
comment_on_issue is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the comment_on_issue rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for comment_on_issue. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
comment_on_issue is provided by the Universal Mcp Toolkit MCP server (markgatcha/universal-mcp-toolkit). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →