You probably already know about SSH aliases and ProxyJump, but have you tried exploiting a forwarded agent? Or protecting it with agent restriction?
In this talk I will go through basic as well as advanced SSH tricks and deep-dive into random observations from playing around with SSH.