OpenWebF Security: Remote Content & Trust Boundaries
Instructions
- Identify trust boundaries:
  - remote bundle URLs
  - user-generated content
  - bridge/native plugins
- Review how URLs are constructed and validated (allowlists, HTTPS, pinning/versioning).
- Use MCP docs (“Security”, “Store Guidelines”) as the baseline for recommendations.
- Provide remediation steps ordered by severity; do not modify files by default.
If the user is primarily asking about store policy/compliance for remote updates, prefer openwebf-security-store-guidelines.
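As an added illustration of the URL review step (not OpenWebF code, and not taken from the MCP docs), the following check parses a remote bundle URL and reports each policy gap it finds. The host `bundles.example.com`, the `/<app>/v<x.y.z>/bundle.js` path layout, and the reading of "pinning/versioning" as an exact version in the path are assumptions made for the example.

```javascript
// Added example: policy check for a remote bundle URL. All names are hypothetical.
const ALLOWED_HOSTS = new Set(["bundles.example.com"]); // constructed allowlist
// Assumed layout: /<app>/v<major>.<minor>.<patch>/bundle.js
const PINNED_PATH = /^\/[a-z0-9-]+\/v\d+\.\d+\.\d+\/bundle\.js$/;

function checkBundleUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases the host, resolves ../ segments
  } catch {
    return { ok: false, findings: ["unparseable URL"] };
  }
  const findings = [];
  if (url.protocol !== "https:") findings.push("scheme is not https");
  // "https://trusted@other-host/" parses with host = other-host
  if (url.username || url.password) findings.push("userinfo present in URL");
  // Exact match on the parsed hostname; prefix/suffix tests on the raw string
  // accept hosts such as bundles.example.com.other.example
  if (!ALLOWED_HOSTS.has(url.hostname)) findings.push("host not allowlisted");
  if (url.port !== "") findings.push("non-default port");
  // Floating tags (latest, stable) change content without a reviewed release
  if (!PINNED_PATH.test(url.pathname)) findings.push("path not pinned to an exact version");
  if (url.search || url.hash) findings.push("query or fragment present");
  return { ok: findings.length === 0, findings };
}

// Constructed sample inputs covering each check.
const SAMPLES = [
  "https://bundles.example.com/shop/v1.4.2/bundle.js",
  "http://bundles.example.com/shop/v1.4.2/bundle.js",
  "https://bundles.example.com/shop/latest/bundle.js",
  "https://bundles.example.com.other.example/shop/v1.4.2/bundle.js",
  "https://bundles.example.com@other.example/shop/v1.4.2/bundle.js",
  "https://bundles.example.com/shop/v1.4.2/../../x/bundle.js",
];

for (const s of SAMPLES) {
  const r = checkBundleUrl(s);
  console.log(r.ok ? "PASS" : "FAIL", s, r.findings.join("; "));
}
```

Findings are returned as a list rather than failing on the first gap, so a review can report every issue for a URL and then order remediation by severity.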