When user make an installation, a profile will be linked to the installation provided by github.
When user login, an access token will be delivered by github, members are able to access source code based on authentication preferences by the token.
Mutation.app does not store your source code. Instead it stores mutation reports with matched file names. Even if it is provided Mutate strips before uploading.
Furthermore, each access token delivered by github is encrypted by battle tested algorithms and not accessible without private key.