triagelisted

# triage Adversarial triage of raw security-scanner output. Does four jobs: **verify** each finding is real, **deduplicate** across runs and scanners, **rank** survivors by derived exploitability rather than the scanner's claimed severity, and **route** each to a component owner. Output is a short, ranked, owned list instead of a raw dump. Invoke with `/triage <findings-path> [--auto] [--votes N] [--repo PATH] [--fp-rules FILE]`. **Arguments** (parse from `$ARGUMENTS`; positional `$1`/`$2` expansion is not stable across runtimes): - findings path (first positional, required): a JSON file, a directory of JSON files, a `VULN-FINDINGS.json`, a pipeline `results/<target>/<ts>/` directory, or a markdown report. - `--auto`: skip the interview and use defaults. Default mode is **interactive**. - `--votes N`: verifier votes per finding (default 3; use 1 for a quick pass, 5 for high-stakes batches). - `--repo PATH`: path to the target codebase, read-only (default cwd). Verification needs source access; the skill stops with an error if the cited files aren't reachable. - `--fp-rules FILE`: append the contents of FILE to the verifier's exclusion-rule list (Phase 3a). Use for org-specific precedents: "we use Prisma ORM everywhere — raw-query SQLi only", "k8s resource limits cover DoS", etc. Plain text, one rule per line or paragraph. - `--fresh`: ignore any existing checkpoint in `./.triage-state/` and start from Phase 0. Without this flag the skill resumes from th