No, that doesn't solve it. If you run an LLM at home and give it access to APIs or your data it could still get compromised. The whole point is that it isn't the user who is doing the injection themselves.
But why would you supply untrusted input to AI code completion or your private AI assistant? Just treat it similarly as a shell and don't do curl|sudo stuff.
> But why would you supply untrusted input to AI code completion or your private AI assistant?
I believe that's the OP's point. Copy-pasting some text from a site into a private LLM is very easy (and fun) to do when exploring the text. When framed as "executing arbitrary code", the implications become clear. But a lot of people won't realise this until some damage has been done.