Pack comparison
Two packs, side-by-side. Merged comparisons, shared shape, and diff highlights in one view.
seven-safety-layers
Defense-in-depth for tool execution. Deny > ask > allow. All 7 layers, in order, with honest failure modes.
Install
npx attrition-sh pack install seven-safety-layersToken budget
—
Pass rate
—
Avg tokens
—
Publisher
Agent Workspace
Compatibility
cve-pre-trust-window
4 CVEs share one root cause: extensions execute before the trust dialog renders.
Install
npx attrition-sh pack install cve-pre-trust-windowToken budget
—
Pass rate
—
Avg tokens
—
Publisher
Agent Workspace
Compatibility
Shared shape
What both packs have in common
Overlap across canonical pattern, compatibility, tags, and required packs.
Compatibility
Tags
Merged comparisons
Head-to-head claims from both packs
Each row is attributed to the pack that authored it. The winner column is normalised to this compare view (A / B / Tie).
| Source | Alternative | Axis | Winner | Note |
|---|---|---|---|---|
| A | injection-surface-audit | maintainability | Tie | This pack is the architecture; injection-surface-audit is the checklist. Use the architecture for design decisions, the checklist for per-release audits. Complementary, not substitutes. |
| A | turn-execution-pipeline | complexity | Alternative | Turn pipeline describes the outer 9-step loop; this pack expands step 7 (permission gate) into its 7-layer decomposition. Pipeline is simpler because it treats the gate as one step; safety layers are the hard part. |
| A | owasp-llm-top10 | accuracy | A | OWASP LLM Top 10 is a vocabulary for LLM-app vulnerabilities; this pack is a specific architecture. Use OWASP to name the risks, this pack to verify the layers. |
| B | injection-surface-audit | accuracy | Tie | Different surfaces: injection-surface-audit covers runtime content attacks (fetched URLs, tool outputs, user-submitted text). This pack covers load-time code execution in the pre-trust window. Run both; neither replaces the other. |
| B | seven-safety-layers | complexity | Alternative | seven-safety-layers documents the runtime deny-first pipeline; this pack documents the shape that lives OUTSIDE that pipeline. Simpler scope here (one surface), but depends on seven-safety-layers for post-trust enforcement. |
Diff highlights
What each pack brings that the other doesn't
Unique coverage and any measurable gap between the two.
Unique to A — Seven Safety Layers
Comparisons not in B
Compatibility A-only
(none)
Tags A-only
Unique to B — CVE: The Pre-Trust Execution Window
Comparisons not in A
Compatibility B-only
(none)
Tags B-only
Swap / reset