Apply suggestions from code review

Co-authored-by: Copilot <[email protected]>

Author: marcoscaceres

.github/copilot-instructions.md

@@ -14,7 +14,7 @@ When in doubt, prioritize checking these:
 4. **WebIDL** is valid and matches algorithm behavior.
 5. **Security, privacy, a11y, and i18n** concerns are not obviously violated.
 6. **Commit messages** follow the project’s conventions.
-If you can only do a few things on a PR, focus on these.
+If you are unable to perform a comprehensive review of a PR, prioritize checking these key areas.
 </CoreRules>
 
 ---
@@ -76,9 +76,10 @@ Use bar syntax:
 </AlgorithmVariables>
 
 <HTMLElementReferences>
-Use caret syntax:
+Use caret syntax for HTML elements:
 - `[^iframe^]`
 - `[^input^]`
+To reference an attribute of an element, use `[^element/attribute^]`:
 - `[^iframe/allow^]`
 </HTMLElementReferences>
 
@@ -111,16 +112,16 @@ Use internal expansion syntax:
 <NormativeReferences>
 This specification normatively depends on:
 
-- [credential-management] — Credential Management Level 1  
-- [dom] — DOM Standard  
-- [html] — HTML Standard  
-- [infra] — Infra Standard  
-- [permissions] — Permissions API  
-- [permissions-policy] — Permissions Policy  
-- [RFC2119]  
-- [RFC8174]  
-- [vc-data-model] — Verifiable Credentials Data Model v2.0  
-- [WebIDL] — Web IDL Standard  
+- [[CREDENTIAL-MANAGEMENT]] — Credential Management Level 1  
+- [[DOM]] — DOM Standard  
+- [[HTML]] — HTML Standard  
+- [[INFRA]] — Infra Standard  
+- [[PERMISSIONS]] — Permissions API  
+- [[PERMISSIONS-POLICY]] — Permissions Policy  
+- [[RFC2119]]  
+- [[RFC8174]]  
+- [[VC-DATA-MODEL]] — Verifiable Credentials Data Model v2.0  
+- [[WEBIDL]] — Web IDL Standard  
 
 <NormativeChecks>
 - When a concept overlaps with these specs, suggest reusing or referencing the existing definition rather than inventing a new one.
@@ -205,7 +206,7 @@ This spec uses RFC 2119 / BCP 14 keywords.
 
 <RFCChecks>
 - Check that MUST, MUST NOT, SHOULD, SHOULD NOT, MAY appear only in normative contexts.
-- Conformance requirements using RFC2119 keywords only apply to a "user agent" implementing the specification (i.e., "A user agent MUST..." or where the context is obvious). There are no other conformance classes/objects (e.g., "Developers MUST..." would be wrong).
+- In this specification, RFC2119 keywords (MUST, SHOULD, MAY, etc.) are only to be used in conformance requirements that apply to the "user agent" implementing the specification (e.g., "A user agent MUST..."). No other conformance classes or objects (such as "Developer") are defined, so using these keywords for other entities is incorrect.
 - Flag use of these keywords in notes, examples, or purely explanatory/editorial text.
 - Watch for informal uses like “the browser should...” that may be intended as normative but are not clearly framed.
 - If the intended strength of a requirement is unclear (MUST vs SHOULD), it’s reasonable to ask for clarification.