addfox-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical guide for the Addfox framework, providing legitimate configuration examples and architectural patterns for Manifest V3 extensions.
- [SAFE]: Promotes strong security defaults, including instructions on how to implement the 'Least Privilege Principle' by minimizing manifest permissions and using specific host patterns instead of broad wildcards.
- [SAFE]: Includes explicit security warnings regarding messaging, advising developers to always include and validate the 'from' origin in payloads to prevent spoofing between extension components.
- [SAFE]: Recommends standard, reputable open-source dependencies such as 'webextension-polyfill' from Mozilla for cross-browser compatibility.
- [SAFE]: Provides guidance on UI isolation using Shadow DOM and iframes via '@addfox/utils' to prevent styles or scripts from the host webpage from interfering with the extension's interface.
Audit Metadata