Open-Source Taskflow Agent Finds High-Impact Vulnerabilities

GitHub Security Lab has open-sourced the seclab-taskflows agent and auditing taskflows after months of internal use, reporting more than 80 vulnerabilities with about 20 disclosures so far. The YAML-based framework runs in a Codespace, requires a GitHub Copilot license and premium-model requests, and uses threat-modeling plus a two-step suggest-and-audit design to reduce hallucinations and improve true positive rates.