AttriGuard: Defeating Indirect Prompt Injection in LLM Agents via Causal Attribution of Tool Invocations

Yu He and Haozhe Zhu, Zhejiang University; Yiming Li, Nanyang Technological University; Shuo Shao, Zhejiang University; Hongwei Yao, City University of Hong Kong; zhihao Liu and Zhan Qin, Zhejiang University