# SPDX-FileCopyrightText: 2025 GitHub
# SPDX-License-Identifier: MIT

seclab-taskflow-agent:
  filetype: taskflow
  version: "1.0"

model_config: seclab_taskflows.configs.model_config

globals:
  repo:

taskflow:
  - task:
      must_complete: true
      exclude_from_context: true
      agents:
        - seclab_taskflow_agent.personalities.assistant
      model: general_tasks
      user_prompt: |
        Fetch the vulnerable issues in {{ globals.repo }}.
      toolboxes:
        - seclab_taskflows.toolboxes.repo_context
  - task:
      must_complete: true
      repeat_prompt: true
      async: true
      agents:
        - seclab_taskflows.personalities.web_application_security_expert
      model: code_analysis
      toolboxes:
        - seclab_taskflows.toolboxes.repo_context
        - seclab_taskflows.toolboxes.local_file_viewer
      user_prompt: |
        The audit result has id {{ result.result_id }}. It is in the component with id {{ result.component_id }} at the location {{ result.location }}. It is in the repository {{ result.repo }}.

        The notes for the audit result are as follows:
        {{ result.notes }}

        Determine the low severity results based on the following criteria:

        - blind SSRF that has limited on the information it discloses.
          For example, an SSRF that only gives a different HTTP status for a specific type of endpoint and rejects all other endpoints (e.g. the endpoint must respond with a certain type of payload), and does not disclose any information other than the HTTP status code.
        - Path traversal or partial path traversal that can only read access to a specific directory with limited types of files (e.g. it can only access log files, or it can only access files with a specific extension).
        - Path traversal or partial path traversal that only discloses the existence of files or directories, and does not disclose any additional information about the file or directory.
        - Information disclosure that only discloses whether a specific condition is true, or some id number, publicly available resources, such as source code files or documentation, and does not disclose any additional information.
          For example, an information disclosure that only discloses whether a specific user exists, or an information disclosure that only discloses whether a specific issue id exists in the system.
        - Issues that requires a malicious admin users to exploit during installation, configuration or other set up process.
        - When running CLI tools or installers, we assume the user already has control on the device. Any issues that only allows a local user to gain access of the device with running these tools or during installation is considered low severity.
          However, do not exclude issues in installation or configuration that can be exploited by non-admin users.
        - CSRF or XSS issues that can only be exploited during a very specific time window. For example, CSRF or XSS that can only be exploited during the installation process.
        - Stored XSS that requires an admin user to upload malicious contents.
        - Issue with very limited impact, such as forcing a user to log out, rate limiting, DoS issues.
        - Misclassified issues that does not have a valid attack scenario or impact.
        - Issues that requires knowledge of the victim's private information (e.g. secret tokens, private keys, credentials) in order to exploit.
        - Issues that requires physical access to the device or system, or sharing a device with the victim.
        - Blind SQL injection that does not return any data, and only returns a different HTTP status code for a specific type of endpoint, and does not disclose any information other than the HTTP status code.

        If you decided to reject an issue, provide the reason, and then store a low severity reason for the result with the id {{ result.result_id }}.
        Otherwise, you can finish the task. DO NOT change or store anything for the current audit result.