Web agents don't see pages like humans do — they read the full DOM, including hidden text designed to hijack their goals. Guni scans raw HTML before your agent executes and returns ALLOW / CONFIRM / BLOCK with evidence. Detects: → Prompt injection → Phishing forms → Goal hijacking → Clickjacking → Redirect abuse → Deceptive UI Works with Playwright, browser-use, and LangChain. Free to self-host (MIT). Hosted API from ₹999/mo.