If you are really worried about that, the agent already has that access since itll go find that key anyways.

the HN thread about that case was much more of a "why are you putting your prod keys in random text files" and "the sota in prompt engineering is that putting DONT FUCKING DO THE BAD THING" makes the agent more desperate to get stuff done

putting limits at the harness level would do just fine. one LLM call, one tool call per voice message.

you dont have to give it a ton of turns