SnapGuard: Lightweight Prompt Injection Detection for Screenshot-Based Web Agents
📰 ArXiv cs.AI
arXiv:2604.25562v1 Announce Type: cross

Abstract: Web agents have emerged as an effective paradigm for automating interactions with complex web environments, yet remain vulnerable to prompt injection attacks that embed malicious instructions into webpage content to induce unintended actions. This threat is further amplified for screenshot-based web agents, which operate on rendered visual webpages rather than structured textual representations, making predominant text-centric defenses ineffectiv