Comment by Thorrez

>There is no probable, verifiable solution here, not any more than when talking about human employees, contractors, friends.

Well when talking about employees etc, one model to protect against malicious employees is to require every sensitive action (code check in, log access, prod modification) to require approval from a 2nd person. That same model can be used for agents. However, agents, known to be naive, might not be a good approver. So having a human approve everything the agent does could be a good solution.