Will accessibility tools that rely on automating input to the browser cause it to become untrusted? Will it affect extensions? The spec does currently specify a carveout for browser modifications and extensions, but those can make automating interactions with a website trivial. So, either the spec is useless or restrictions will eventually be applied there too.
Saw some Google bootlicker on GitHub issues talking about how the policy will prevent a lot of automated stuff including bots and many hacker tools.