There is no world in which an enterprise is not OK with an agent having access to a CLI but is OK with possibly getting prompt injected from a random web search.