From 61d0cc39fdf69f5f7be5171c44cee6323303b8fe Mon Sep 17 00:00:00 2001 From: Eddie Santos <9561596+eddie-santos@users.noreply.github.com> Date: Thu, 12 Jun 2025 15:23:45 -0700 Subject: [PATCH] GitHub MCP warning (#979) --- docs/cli/tutorials.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/cli/tutorials.md b/docs/cli/tutorials.md index 518110ad..96c105b4 100644 --- a/docs/cli/tutorials.md +++ b/docs/cli/tutorials.md @@ -4,10 +4,14 @@ Master usage of Gemini CLI to automate development tasks. ## Setting up Model Context Protocol (MCP) Servers -> **A Note on Third-Party MCP Servers:** Before using a third-party MCP server, ensure you trust its source and understand the tools it provides. Your use of third-party servers is at your own risk. +> [!NOTE] +> Before using a third-party MCP server, ensure you trust its source and understand the tools it provides. Your use of third-party servers is at your own risk. ### GitHub MCP Server +> [!WARNING] +> The GitHub MCP Server has known security vulnerabilities, proceed with caution. + The [GitHub MCP server] provides tools for interacting with GitHub repositories, such as creating issues, commenting on pull requests, and more. [GitHub MCP server]: https://github.com/github/github-mcp-server @@ -52,6 +56,9 @@ In your project's root directory, create or open the `.gemini/settings.json` fil ##### Set Your GitHub Token +> [!CAUTION] +> Using a broadly scoped personal access token that has access to personal and private repositories can lead to information from the private repository leaked into the public repository. We recommend using a fine grained access token that doesn't share access to both public and private repositories. + Use an environment variable to store your PAT. ```bash
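Review bot: In the first hunk (`@@ -4,10 +4,14 @@`), the new `[!WARNING]` under "GitHub MCP Server" says the server "has known security vulnerabilities" without naming them or linking a reference, so a reader cannot tell what to avoid or when the warning stops applying. Name the risk class in the warning itself, or point to the token-scoping caution that this same patch adds under "Set Your GitHub Token", and link an advisory or issue if one exists. The sentence is also a comma splice; "vulnerabilities. Proceed with caution." reads better.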
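Review bot: In the second hunk (`@@ -52,6 +56,9 @@`), the `[!CAUTION]` text says "access to personal and private repositories", but the rest of the sentence and the recommendation contrast public with private, so "personal" looks like a slip for "public". The text also needs "can lead to information from the private repository being leaked" and "fine-grained". The recommendation would be easier to act on if it told the reader to limit the token to the specific repositories the task needs, since "doesn't share access to both public and private repositories" leaves the intended scope open to interpretation.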