Thanks for your feedback.

Then, I will modify it to be an independent task which can be run with "bitbake linux-yocto -c generate_cve_exclusions".
It will remove the mandatory aspect of this task in the workflow.