For further explanation see the full questionnaire.
For your convenience, a copy of the questionnaire's questions is quoted here in Markdwon, so you can easily include your answers in an explainer.
- What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
- Is this specification exposing the minimum amount of information necessary to power its features?
- How does this specification deal with personal information, personally-identifiable information (PII), or information derived from them?
- How does this specification deal with sensitive information?
- Does this specification introduce new state for an origin that persists across browsing sessions?
- Does this specification expose information about the underlying platform to origins?
- Does this specification allow an origin access to sensors on a user’s device
- What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.
- Does this specification enable new script execution/loading mechanisms?
- Does this specification allow an origin to access other devices?
- Does this specification allow an origin some measure of control over a user agent's native UI?
- What temporary identifiers might this specification create or expose to the web?
- How does this specification distinguish between behavior in first-party and third-party contexts?
- How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?
- Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
- Does this specification allow downgrading default security characteristics?
- What should this questionnaire have asked?