This is not privilege separation/sandboxing. A separate virtual machine for an agent with limited credentials is a reasonably safe approach.