Honest question: couldn't this be solved by setting the authorization level of the agent the same as the user that prompted the question?
In this post's example, the agent would be limited by the author's scope inside the organization and, therefore, be incapable of exposing any unwanted file.
Reading this post makes me think, how can someone start to get into the drivers and OSes world? This seems so complicated I really don’t know where to start.
In this post's example, the agent would be limited by the author's scope inside the organization and, therefore, be incapable of exposing any unwanted file.