For a specific bad thing like "rm -rf" that may be plausible, but this will break down when you try to enumerate all the other bad things it could possibly do.
We can, but if you want to stop private info from being leaked then your only sure choice is to stop the agent from communicating with the outside world entirely, or not give it any private info to begin with.