Agent Workspace
Back to directoryCompareComparing injection-surface-audit cve-pre-trust-window

Pack comparison

Two packs, side-by-side. Merged comparisons, shared shape, and diff highlights in one view.

ACommunitysecurityv0.1.0Recommended
Injection Surface Audit

injection-surface-audit

Every agent product ships injection surfaces. Audit them before an attacker does.

Install

npx attrition-sh pack install injection-surface-audit

Token budget

Pass rate

Avg tokens

Publisher

Agent Workspace

Compatibility

claude-codecursorcodex-cliany-agent-harness
BCommunitysecurityv0.1.0Recommended
CVE: The Pre-Trust Execution Window

cve-pre-trust-window

4 CVEs share one root cause: extensions execute before the trust dialog renders.

Install

npx attrition-sh pack install cve-pre-trust-window

Token budget

Pass rate

Avg tokens

Publisher

Agent Workspace

Compatibility

claude-codecursorcodex

Shared shape

What both packs have in common

Overlap across canonical pattern, compatibility, tags, and required packs.

Compatibility

claude-codecursor

Tags

securitysupply-chain

Merged comparisons

Head-to-head claims from both packs

Each row is attributed to the pack that authored it. The winner column is normalised to this compare view (A / B / Tie).

SourceAlternativeAxisWinnerNote
Aowasp-llm-top10maintainabilityAOWASP LLM Top-10 is a vocabulary; this pack is an actionable checklist tied to specific code patterns. Use together: OWASP for framing, this pack for line-level audit.
Allm-guardrails-middlewarecomplexityAlternativeRuntime guardrail middleware (NeMo, Guardrails AI) adds automated filtering — lower manual effort, adds a dependency. This pack is zero-runtime and targets design-time holes. Layered defence uses both.
Ared-team-engagementaccuracyAlternativeA professional red-team engagement finds novel classes a checklist can't. Use this pack monthly; commission a red-team annually.
Binjection-surface-auditaccuracyTieDifferent surfaces: injection-surface-audit covers runtime content attacks (fetched URLs, tool outputs, user-submitted text). This pack covers load-time code execution in the pre-trust window. Run both; neither replaces the other.
Bseven-safety-layerscomplexityAlternativeseven-safety-layers documents the runtime deny-first pipeline; this pack documents the shape that lives OUTSIDE that pipeline. Simpler scope here (one surface), but depends on seven-safety-layers for post-trust enforcement.

Diff highlights

What each pack brings that the other doesn't

Unique coverage and any measurable gap between the two.

Unique to A — Injection Surface Audit

Comparisons not in B

owasp-llm-top10llm-guardrails-middlewarered-team-engagement

Compatibility A-only

codex-cliany-agent-harness

Tags A-only

prompt-injectionssrfauditowasp-llm

Unique to B — CVE: The Pre-Trust Execution Window

Comparisons not in A

injection-surface-auditseven-safety-layers

Compatibility B-only

codex

Tags B-only

cvepre-trust-windowload-time-executiondive-into-claude-codeharness-boot

Swap / reset

Swap A ↔ BPick two different packs