Agent Workspace

Pack comparison

Two packs, side-by-side. Merged comparisons, shared shape, and diff highlights in one view.

A: Community, security, v0.1.0, Recommended
CVE: The Pre-Trust Execution Window

cve-pre-trust-window

4 CVEs share one root cause: extensions execute before the trust dialog renders.

npx attrition-sh pack install cve-pre-trust-window

Publisher: Agent Workspace

claude-code, cursor, codex

B: Community, security, v0.1.0, Recommended
Injection Surface Audit

injection-surface-audit

Every agent product ships injection surfaces. Audit them before an attacker does.

npx attrition-sh pack install injection-surface-audit

Publisher: Agent Workspace

claude-code, cursor, codex-cli, any-agent-harness

What both packs have in common

Overlap across canonical pattern, compatibility, tags, and required packs.

Compatibility: claude-code, cursor
Tags: security, supply-chain

Head-to-head claims from both packs

Each row is attributed to the pack that authored it. The winner column is normalised to this compare view (A / B / Tie).

Source | Alternative | Axis | Winner | Note
A | injection-surface-audit | accuracy | Tie | Different surfaces: injection-surface-audit covers runtime content attacks (fetched URLs, tool outputs, user-submitted text). This pack covers load-time code execution in the pre-trust window. Run both; neither replaces the other.
A | seven-safety-layers | complexity | Alternative | seven-safety-layers documents the runtime deny-first pipeline; this pack documents the shape that lives OUTSIDE that pipeline. Simpler scope here (one surface), but depends on seven-safety-layers for post-trust enforcement.
B | owasp-llm-top10 | maintainability | B | OWASP LLM Top-10 is a vocabulary; this pack is an actionable checklist tied to specific code patterns. Use together: OWASP for framing, this pack for line-level audit.
B | llm-guardrails-middleware | complexity | Alternative | Runtime guardrail middleware (NeMo, Guardrails AI) adds automated filtering — lower manual effort, adds a dependency. This pack is zero-runtime and targets design-time holes. Layered defence uses both.
B | red-team-engagement | accuracy | Alternative | A professional red-team engagement finds novel classes a checklist can't. Use this pack monthly; commission a red-team annually.

What each pack brings that the other doesn't

Unique coverage and any measurable gap between the two.

Comparisons not in B

injection-surface-audit, seven-safety-layers

Compatibility A-only

codex

Tags A-only

cve, pre-trust-window, load-time-execution, dive-into-claude-code, harness-boot

Comparisons not in A

owasp-llm-top10, llm-guardrails-middleware, red-team-engagement

Compatibility B-only

codex-cli, any-agent-harness

Tags B-only

prompt-injection, ssrf, audit, owasp-llm