Honest question: couldn't this be solved by setting the authorization level of the agent the same as the user that prompted the question?
In this post's example, the agent would be limited by the author's scope inside the organization and, therefore, be incapable of exposing any unwanted file.
In this post's example, the agent would be limited by the author's scope inside the organization and, therefore, be incapable of exposing any unwanted file.