Evaluates manifest permissions scope, content security policy, content script isolation, message passing security, and host permission minimization to ensure the principle of least privilege.
22 Total Checks
3 Delivery Formats
3 Categories
7 Versions
2026-04-02: Quality hardening: added enumeration/counting requirements, numeric thresholds, cross-references, anti-sycophancy guardrails, measurement-on-pass directives, quoting requirements, and code/path examples to all 22 checks. Added golden and bare-minimum test fixtures and manifests.
2026-03-01: Added chunked format for browser-based tools
2026-03-01: Improved Step 3: paste URL is now primary submission method
2026-02-23: Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23: Fixed invalid prompt_hash — replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-21: Fixed severity band violation: downgraded no-all-urls from critical to high (critical was 51.3%, now 42.3%). Added missing non-persistent-background check to telemetry template (was in definitions but absent from template).
2026-02-21: Initial release