Computer-use agents (CUAs) have made tremendous progress in the past year, yet they still frequently produce misaligned actions that deviate from the user's original intent. Such misaligned actions may arise from external attacks (e.g., indirect prompt injection) or from internal limitations (e.g., erroneous reasoning). They not only expose CUAs to safety risks, but also degrade task efficiency and reliability. This work makes the first effort to define and study misaligned action detection in CUAs, with comprehensive coverage of both externally induced and internally arising misaligned actions. We further identify three common categories in real-world CUA deployment and construct MisActBench, a benchmark of realistic trajectories with human-annotated, action-level alignment labels. Moreover, we propose DeAction, a practical and universal guardrail that detects misaligned actions before execution and iteratively corrects them through structured feedback. DeAction outperforms all existing baselines across offline and online evaluations with moderate latency overhead: (1) On MisActBench, it outperforms baselines by over 15% absolute in F1 score; (2) In online evaluation, it reduces attack success rate by over 90% under adversarial settings while preserving or even improving task success rate in benign environments.

翻译：过去一年中，计算机使用智能体（CUAs）取得了巨大进展，但其仍频繁产生偏离用户原始意图的未对齐行为。此类未对齐行为可能源于外部攻击（如间接提示注入）或内部局限（如错误推理）。它们不仅使CUAs面临安全风险，还会降低任务效率与可靠性。本研究首次系统定义并探究CUAs中的未对齐行为检测问题，全面涵盖外部诱发与内部产生的未对齐行为。我们进一步识别了现实世界CUA部署中的三种常见类别，并构建了MisActBench——一个包含人工标注的行为级对齐标签的真实轨迹基准。此外，我们提出了DeAction：一种实用且通用的防护机制，可在执行前检测未对齐行为，并通过结构化反馈进行迭代修正。DeAction在离线与在线评估中均优于现有基线方法，且仅产生适度延迟开销：（1）在MisActBench上，其F1分数绝对值超出基线方法15%以上；（2）在线评估中，在对抗环境下将攻击成功率降低90%以上，同时在良性环境中保持甚至提升了任务成功率。