You still need to know what you're installing, just like apps on your phone or your computer. Blindly installing anything is bad and you're going to have a bad time if you do.
Blindly installing code is how most people operate — they trust app stores, npm, and GitHub stars as social proof. Agents amplify the risk because they act autonomously. The attack surface is permissions + keys + network access. What's the equivalent of a hardware wallet for agent isolation?