series: Charlotte MCP
> Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos
A pull request to my MCP server Charlotte led me to uncover a supply chain attack spanning 250+ repos, 64 sockpuppet accounts, and five phases of escalating access — all funneling GitHub OIDC tokens to a single organization.