GitHub Security Lab has reported more than 80 vulnerabilities using its open source Taskflow Agent framework, with roughly 20 already publicly disclosed. The findings are not low-severity edge cases: they include authorization bypasses and information disclosure flaws that let one user authenticate as another or read a stranger's private data, including PII in ecommerce shopping carts and full authentication bypass in chat applications.
The framework works by chaining YAML-defined tasks sequentially, each passing structured output to the next via a SQLite database called repo_context.db. This matters because it sidesteps the core failure mode of single large prompts: LLMs losing track of steps in complex, multi-stage reasoning. Tasks run asynchronously across codebase components using templated prompts, and each task's result is logged so that researchers can debug exactly where the model went right or wrong. The team recommends running audits twice, using different models such as GPT 5.2 and Claude Opus 4.6, because LLM non-determinism means a second pass can surface entirely different vulnerabilities.
The framework is open source at github.com/GitHubSecurityLab/seclab-taskflows and requires a GitHub Copilot license. A single command, ./scripts/audit/run_audit.sh myorg/myrepo, kicks off a run that takes one to two hours on a medium-sized repository. The full post details the exact YAML task structure, walks through specific vulnerability case studies, and explains how to write custom taskflows targeting vulnerability classes of your own choosing. If you work in security research or platform engineering, the architecture section alone is worth the read.
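To make the chained-task architecture concrete, here is an added, self-contained sketch (not seclab-taskflows code, whose real YAML schema and prompts this summary does not reproduce): three hypothetical tasks hand structured output to each other through a SQLite table, and a second pass under a different "model" name is merged with the first. The task names, table layout and the fake model handlers are all constructed stand-ins.

```python
import json
import sqlite3

# Constructed stand-in for YAML task definitions: each task reads the output of
# the task named in "reads" (None for the first) and writes its own output.
TASKS = [
    {"name": "enumerate_endpoints", "reads": None},
    {"name": "find_auth_checks", "reads": "enumerate_endpoints"},
    {"name": "report_missing_authz", "reads": "find_auth_checks"},
]

def open_db(path=":memory:"):
    """Open the context database (in-memory here; the real tool uses a file)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS task_output "
               "(model TEXT, task TEXT, output TEXT, PRIMARY KEY (model, task))")
    return db

def run_task(db, model, task, handler):
    """Load the predecessor's structured output, run the task, persist its result."""
    prior = None
    if task["reads"]:
        row = db.execute("SELECT output FROM task_output WHERE model=? AND task=?",
                         (model, task["reads"])).fetchone()
        prior = json.loads(row[0]) if row else None
    result = handler(task["name"], prior)
    # Every step's output is kept, so a wrong final answer can be traced back.
    db.execute("INSERT OR REPLACE INTO task_output VALUES (?, ?, ?)",
               (model, task["name"], json.dumps(result)))
    db.commit()
    return result

def run_audit(db, model, handler):
    """Run the whole chain in order for one model; return the last task's output."""
    last = None
    for task in TASKS:
        last = run_task(db, model, task, handler)
    return last

def merge_findings(db):
    """Union the final findings across all model passes stored in the database."""
    findings = set()
    for (out,) in db.execute("SELECT output FROM task_output WHERE task='report_missing_authz'"):
        findings.update(json.loads(out))
    return sorted(findings)

def fake_model(flags):
    """Constructed LLM stand-in: each 'model' notices only the endpoints in `flags`,
    mimicking the run-to-run variance that motivates a second pass."""
    def handler(task_name, prior):
        if task_name == "enumerate_endpoints":
            return ["GET /cart/{id}", "POST /chat/login", "GET /profile"]
        if task_name == "find_auth_checks":
            return {ep: ep.endswith("/profile") for ep in prior}  # True = check present
        return [ep for ep, ok in prior.items() if not ok and ep in flags]
    return handler
```

Running `run_audit` once per model and then `merge_findings` shows why the post's two-model recommendation matters: the union contains findings neither single pass produced on its own.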