Who password protect they private SSH keys? Many. Who reads their own ~/.ssh/* before using command? Nobody. Lateral movement even with protected private keys.

If using someone else’s public key, I always check the key itself (it doesn’t take long, and it is easy to spot “problems” like these).

This is a nice little hack, but I don’t see it flourishing in the wild.