This is overly pessimistic. Prompt injection can be largely mitigated by creating a protocol firewall between agents that access untrusted content and agents that perform computation: https://sibylline.dev/articles/2026-02-22-schema-strict-prom...

I'm working on an autonomous agent framework that is set up this way (along with full authz policy support via OPA, monitoring via OTel and a centralized tool gateway with CLI). https://github.com/sibyllinesoft/smith-core for the interested. It doesn't have the awesome power of a 30 year old meme like the OP but it makes up for it with care.

That's like saying you shouldn't vet your PA because they'll have access to your email anyway. Yeah, but I still don't give them my house keys.