Plan-Then-Execute Paradigm Proposed for Web Agents

A recent paper on arXiv suggests that web agents should implement a plan-then-execute approach rather than the commonly utilized ReAct framework. The researchers assert that ReAct's integration of unverified web information into decision-making processes opens a vulnerability for prompt injections that can manipulate the agent's control flow. Conversely, the plan-then-execute method establishes a task-specific program prior to engaging with real-time web content, thereby safeguarding against untrusted information altering user tasks or prompting the model to create new actions. The study evaluates WebArena, a well-known benchmark for web agents, concluding that all tasks align with the proposed approach.