Mozilla has a well-defined process for handling security vulnerabilities based around responsible disclosure.
If you believe you have found a Taskcluster-related security vulnerability, you should visit the Mozilla bug bounty program for information on how to submit them.
This Bugzilla template will help you file a security vulnerability directly against Taskcluster.