Master Student @ ZJUHi there! I am a Master Student at the Zhejiang University.
Currently, my research is centered on trustworthy LLMs, with a specific emphasis on improving the reliability and robustness of LLM agents, LLM-based multi-agent systems (LLM-MAS), and large reasoning models. I'm especially interested in mitigating risks such as prompt injection in these systems.
Feel free to contact me if you are interested in my research!
Warning
Problem: The current name of your GitHub Pages repository ("Solution: Please consider renaming the repository to "
http://".
However, if the current repository name is intended, you can ignore this message by removing "{% include widgets/debug_repo_name.html %}" in index.html.
Action required
Problem: The current root path of this site is "baseurl ("_config.yml.
Solution: Please set the
baseurl in _config.yml to "Education
-
Zhejiang UniversityM. S. in Software EngineeringSep. 2025 - present
-
Shandong University of Science and TechnologyB.S. in Computer ScienceSep. 2021 - Jul. 2025
News
Selected Publications (view all )
IPIGuard: A Novel Tool Dependency Graph-Based Defense Against Indirect Prompt Injection in LLM Agents
Hengyu An, Jinghuai Zhang, Tianyu Du, Chunyi Zhou, Qingming Li, Tao Lin, Shouling Ji
Empirical Methods in Natural Language Processing (EMNLP) 2025 Poster
LLM agents face Indirect Prompt Injection (IPI) when using tools with untrusted data, as hidden instructions can make them perform malicious actions. Our new defense, IPIGuard, significantly enhances agent security against these attacks by separating action planning from external data interaction using a Tool Dependency Graph (TDG).
IPIGuard: A Novel Tool Dependency Graph-Based Defense Against Indirect Prompt Injection in LLM Agents
Hengyu An, Jinghuai Zhang, Tianyu Du, Chunyi Zhou, Qingming Li, Tao Lin, Shouling Ji
Empirical Methods in Natural Language Processing (EMNLP) 2025 Poster
LLM agents face Indirect Prompt Injection (IPI) when using tools with untrusted data, as hidden instructions can make them perform malicious actions. Our new defense, IPIGuard, significantly enhances agent security against these attacks by separating action planning from external data interaction using a Tool Dependency Graph (TDG).