It would be good if Pageant could provide a log of requests that have been made of it (who, what, when) - particularly useful if agent forwarding is in use. Perhaps something in the style of PuTTY's Event Log? Perhaps a persistent disk log would also be useful.

If nothing else, this gives you a means of finding out if agent forwardings have been unexpectedly abused.

Probably depends on better key management to some extent.

