Agentinelv0.1.0

MCP security scorecard — OWASP Agentic Top 10 (2026)
target github  ·  1 server  ·  15 tools  ·  from published tool specs
1
Findings
HIGH
Max severity
0
Critical
1
High
0
Medium

Capability matrix · Rule of Two

Server / toolA untrustedB sensitiveC external
github / create_or_update_file ·
create_pull_request · ·
delete_file ·
get_discussion_comments · ·
get_file_contents · ·
get_me · · ·
get_secret_scanning_alert · ·
issue_read · ·
issue_write · ·
list_issues · ·
list_notifications · ·
list_repository_collaborators · · ·
merge_pull_request · ·
pull_request_read ·
push_files ·

Findings

HIGH

Lethal Trifecta / Rule-of-Two violation

ASI02 server:github

This server's combined toolset spans all three lethal-trifecta axes, so an agent using it can be steered to chain them into data exfiltration or unauthorized action. Contributors — A (untrusted-input): github:issue_read, github:list_issues, github:pull_request_read, github:get_discussion_comments, github:list_notifications; B (sensitive-access): github:pull_request_read, github:get_file_contents, github:get_secret_scanning_alert, github:create_or_update_file, github:push_files, github:delete_file; C (external-comms): github:create_or_update_file, github:push_files, github:create_pull_request, github:merge_pull_request, github:issue_write, github:delete_file.

axes present: A+B+C

✓ Break the trifecta: remove one axis, split capabilities across isolated agents, or require human approval for the state-changing / external-comms step.

ASI02 · Tool Misuse and Exploitation · confidence 75%