English

WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents

Cryptography and Security 2026-02-04 v1 Artificial Intelligence Computation and Language

Abstract

Prompt injection attacks manipulate webpage content to cause web agents to execute attacker-specified tasks instead of the user's intended ones. Existing methods for detecting and localizing such attacks achieve limited effectiveness, as their underlying assumptions often do not hold in the web-agent setting. In this work, we propose WebSentinel, a two-step approach for detecting and localizing prompt injection attacks in webpages. Given a webpage, Step I extracts \emph{segments of interest} that may be contaminated, and Step II evaluates each segment by checking its consistency with the webpage content as context. We show that WebSentinel is highly effective, substantially outperforming baseline methods across multiple datasets of both contaminated and clean webpages that we collected. Our code is available at: https://github.com/wxl-lxw/WebSentinel.

Keywords

Cite

@article{arxiv.2602.03792,
  title  = {WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents},
  author = {Xilong Wang and Yinuo Liu and Zhun Wang and Dawn Song and Neil Gong},
  journal= {arXiv preprint arXiv:2602.03792},
  year   = {2026}
}
R2 v1 2026-07-01T09:34:43.923Z