IIUC, this experiment proved the agent was secure under the "anti-prompt-injection" rules. But did it have any utility? (i.e. not having an agent at all would be even safer!)