Assesses data collection practices, privacy disclosures, storage security, third-party data sharing, and compliance with browser store privacy requirements.
20
Total Checks
3
Delivery Formats
3
Categories
8
Versions
Included
Never included
Prompt quality hardening: added counting/enumeration, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting directives across all checks
2026-04-02
Added chunked format for browser-based tools
2026-03-01
Improved Step 3: paste URL is now primary submission method
2026-03-01
Tightened tokens-not-in-storage skip criteria to prioritize auth-flow detection before pass/fail evaluation; clarified that service API keys are out of scope (covered by no-sync-secrets). Tightened local-pii-encrypted to explicitly require skip (not pass) when no local PII storage exists; added API keys-not-PII clarification.
2026-03-01
Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23
Fixed invalid prompt_hash — replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-23
Fixed 2 orphan check IDs in telemetry template; added missing permission-help-text check; corrected scoring category counts
2026-02-21
Initial release
2026-02-21
Picked by pack overlap with this audit.
Assesses store listing completeness, policy compliance, screenshot quality, update strategy, and review preparation for Chrome Web Store submission.
Evaluates manifest permissions scope, content security policy, content script isolation, message passing security, and host permission minimization to ensure the principle of least privilege.
Evaluates popup responsiveness, badge/notification usage, loading states, extension bundle size, memory usage, and integration with browser UX conventions.