Yes. I agree that many of the announced and currently shipping features should be just fine from a security perspective with only a local agent.

Running an LLM locally makes no difference at all to the threat of malicious instructions that make it into the model causing unwanted actions or exfiltrating data.

If anything a local LLM is more likely to have those problems because it's not as capable at detecting malicious tricks as a larger model.