WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents
Abstract
Prompt injection attacks manipulate webpage content to cause web agents to execute attacker-specified tasks instead of the user's intended ones. Existing methods for detecting and localizing such attacks achieve limited effectiveness, as their underlying assumptions often do not hold in the web-agent setting. In this work, we propose WebSentinel, a two-step approach for detecting and localizing prompt injection attacks in webpages. Given a webpage, Step I extracts \emph{segments of interest} that may be contaminated, and Step II evaluates each segment by checking its consistency with the webpage content as context. We show that WebSentinel is highly effective, substantially outperforming baseline methods across multiple datasets of both contaminated and clean webpages that we collected. Our code is available at: https://github.com/wxl-lxw/WebSentinel.
Growth and citations
This paper is currently showing No growth state computed yet..
Citation metrics and growth state from academic sources (e.g. Semantic Scholar). See About for details.
Cited by (0)
No citing papers yet
Papers that cite this one will appear here once data is available.
View citations page →References (0)
No references in DB yet
References for this paper will appear here once ingested.
Related papers in Cryptography and Security
- mopri - An Analysis Framework for Unveiling Privacy Violations in Mobile Apps0 citations
- Can Developers rely on LLMs for Secure IaC Development?0 citations
- Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans0 citations
Growth transitions
No transitions recorded yet
Growth state transitions will appear here once computed.