If the agent didn't have delete permissions, or was sandboxed dying other way from your production database, that would handle it. So not running it that way is a decision someone made

It means people have to read the commands that they are generating before executing them.

Just in case this isn't hyperbole, no. It means an LLM should not be given that much privilege and that you are responsible for reviewing the tool's output and approving its actions.

"But wait, the user probably just meant that I shouldn't delete the database itself. Removing all of the rows in the table is fine"