Update triage state with issue #8 scoring bug fix and skip tracking

[BodenMcHale]

Summary

Updates the triage state tracking file to record the latest triage run and document actions taken on security-related issues.

Changes

• Updated run metadata: Bumped last_run timestamp to 2026-05-26T06:00:00Z and updated last_commit hash
• Recorded Issue [REVIEW] Cross-Origin Policies: scored by presence only — unsafe-none / cross-origin get full credit #8 action: Added triage action for a presence-only scoring bug discovered in src/rules.ts:149-150 where checkCrossOriginPolicies incorrectly awards perfect scores for permissive unsafe-none/cross-origin values without findings. Includes reference to a substantive fix comment using the 8d29a8c pattern.
• Expanded skip tracking: Added three new skipped issues with documented reasons:
  • Issue agent-escalate: Permissions-Policy rule should require camera/microphone/geolocation to award full score #4: Previously acted upon (within 7-day window)
  • Issue [REVIEW] fetchHeaders: HEAD request systematically miss-grades sites that emit security headers only on GET #7: Previously acted upon (within 7-day window)
  • Issue [REVIEW] Permissions-Policy tests: 4 assertions broken by merge regression — main branch CI is red #15: Deprioritized in favor of Issue [REVIEW] Cross-Origin Policies: scored by presence only — unsafe-none / cross-origin get full credit #8 (Priority 2 correctness/CI bug vs Priority 1 security correctness bug)

Implementation Details

The triage state now reflects a prioritization strategy that focuses on security correctness bugs (Priority 1) over general correctness issues, with proper tracking of recent actions to avoid duplicate effort within the 7-day window.

https://claude.ai/code/session_01U88cdyewxLrihVnj8K2RFT