The key is, it's not the person who grants the MCP access who is the attacker.
The attacker is some other person who can create issues on a public repo but has no direct access to the private repo.
The point is this is NOT a GitHub MCP vulnerability, but how you use it. There is nothing to be fixed in MCP itself; rather how you use it.
> The point is this is NOT a GitHub MCP vulnerability, but how you use it.
You're the only one talking about GitHub MCP vulnerabilities. Everyone else is talking about GitHub MCP exploits. It's in the title, even.
Tomato-Tomato. It's not even an exploit. I will give you my token with access only to public repos. Try and access my private repos with GitHub MCP. Guess what - you can't - so it is not a GitHub MCP exploit.