fix(#1835): require file reads before asserting contents in findings

internal/scaffold/fullsend-repo/skills/code-review/SKILL.md

@@ -52,6 +52,12 @@ git log --oneline -10 -- <test-file-path>
 - Read any security-sensitive files related to the change (auth
   middleware, RBAC configuration, sandboxing code) even if they are not
   directly modified.
+- **Cross-file verification:** If you intend to reference a file's
+  contents in a finding — even a file not in the diff — you MUST read
+  that file first. Never claim a file contains specific text without
+  having read it in this session. If you cannot read the file (e.g., it
+  is in another repository or inaccessible), state that you were unable
+  to verify the contents rather than assuming what they contain.
 
 ### 3. Evaluate each dimension
 
@@ -215,6 +221,13 @@ For each issue identified, record:
   observations, praise, broad suggestions, and anything already handled
   by the PR.
 
+**Cross-file finding self-check:** Before recording any finding that
+asserts what a specific file contains, verify that you read that file
+during step 2. If you did not read it, read it now before finalizing
+the finding. If the file is unreadable, reframe the finding to state
+that the contents could not be verified — do not assert unverified
+contents as fact.
+
 #### Severity anchoring (re-reviews)
 
 When prior review context is available (passed from the `pr-review`

internal/scaffold/fullsend-repo/skills/pr-review/sub-agents/correctness.md

@@ -73,3 +73,15 @@ When reviewing technical documentation, verify:
 - **Edge case correctness** — Are described edge cases (depth/breadth
   limits, zero values, error conditions) handled correctly in the
   described logic?
+
+### Cross-file verification
+
+When a finding depends on the contents of a file not in the PR diff
+(e.g., claiming a Dockerfile contains a specific flag, or a config file
+uses a particular setting), you MUST read that file before asserting
+what it contains. Do not reason about what a file "probably" contains
+based on common patterns — read it.
+
+If the file cannot be read (e.g., it is in another repository or
+inaccessible), state that you were unable to verify the contents.
+Never present unverified file contents as fact in a finding.

internal/scaffold/fullsend-repo/skills/pr-review/sub-agents/security.md

@@ -83,6 +83,18 @@ Calibrate investigation to the diff size and security surface area.
   to verify permission scope.
 - Trace call sites of changed functions to check for fail-open paths.
 
+### Cross-file verification
+
+When a finding depends on the contents of a file not in the PR diff
+(e.g., claiming a workflow file contains a specific permission scope, or
+an IAM policy grants a particular role), you MUST read that file before
+asserting what it contains. Do not reason about what a file "probably"
+contains based on common patterns — read it.
+
+If the file cannot be read (e.g., it is in another repository or
+inaccessible), state that you were unable to verify the contents.
+Never present unverified file contents as fact in a finding.
+
 ## Fail-open / fail-closed evaluation
 
 **Category:** Use `fail-open` for all findings in this section.