It would be a valid security pattern if it was created under the org scope, but it isn't.
A "service account" on GitHub is just another user account tied to a real user with that users MFA (if MFA is enabled, and since we're referring to valid security patterns, it should be).
A "service account" on GitHub is just another user account tied to a real user with that users MFA (if MFA is enabled, and since we're referring to valid security patterns, it should be).
GitHub's organizational features are poor.