As someone who pulls a salary and does not get rewarded equity: agree!

Especially given the LLM does not trust the user. An LLM can be jailbroken into lowering it's guardrails, but no amount of rapport building allows you to directly talk about material details of banned topics. Might as well never trust it.

never trust a screenshot of a command prompts output blindly either.

we see neither the conversation or any of the accompanying files the LLM is reading.

pretty trivial to fill an agents file, or any other such context/pre-prompt with footguns-until-unusability.