If you can't trust the "agent" with a secret to the LLM which is practically like access to its runtime, what the hell... others propose mitming yourself...

All of this does seem kinda funny