Guardrails are essentially part of the input. Saying "but we have guardrails" is like saying "but we do trust part of the input".
Either way, even if you trust 100% of the input, there is actually no way to guarantee that you can trust the output of the LLM. (Which, I guess, is also true for every dependency you pull in. But for those, you at least have ways to audit them.)