You could have access to a web browser or web request tool instead.
There is no world in which an enterprise is not OK with an agent having access to a CLI but is OK with possibly getting prompt injected from a random web search.
alt Hacker News
There is no world in which an enterprise is not OK with an agent having access to a CLI but is OK with possibly getting prompt injected from a random web search.