Assesses data collection practices, privacy disclosures, storage security, third-party data sharing, and compliance with browser store privacy requirements.
20
Total Checks
3
Delivery Formats
3
Categories
8
Versions
Prompt quality hardening: added counting/enumeration, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting directives across all checks
2026-04-02
Added chunked format for browser-based tools
2026-03-01
Improved Step 3: paste URL is now primary submission method
2026-03-01
Tightened tokens-not-in-storage skip criteria to prioritize auth-flow detection before pass/fail evaluation; clarified that service API keys are out of scope (covered by no-sync-secrets). Tightened local-pii-encrypted to explicitly require skip (not pass) when no local PII storage exists; added API keys-not-PII clarification.
2026-03-01
Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23
Fixed invalid prompt_hash — replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-23
Fixed 2 orphan check IDs in telemetry template; added missing permission-help-text check; corrected scoring category counts
2026-02-21
Initial release
2026-02-21