Yes, but whatever the LLM has authenticated access to, an attacker can convince it to mess with on their behalf.