That's 100% correct. This is why no one should use agent forwarding with a jumpbox. Only -J. (see https://userify.com/docs/jumpbox)
Another point is that no one should have any real access to the jumpbox and it should be as minimal and stripped-down as possible. It's literally your bastion host, so you've got to keep it as strong as possible.
To be clear, agent-forwarding to a (potentially) malicious ssh server has always been a bad idea. Yes, TFA's bug makes it a worse idea and it's absolutely worth it to patch it, but you should not be agent-forwarding to (potentially) malicious ssh servers in the first place.
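The -J pattern the comments recommend, written out as an added example that is not from any of the commenters: a client-side ~/.ssh/config showing the agent-forwarding setup beside the ProxyJump one, plus the matching bastion-side sshd_config line. Hostnames, usernames and key paths are placeholders.

```sshconfig
# --- file: ~/.ssh/config (client side) ---

# Weak pattern: hop via the bastion with agent forwarding enabled.
# The keys never leave the laptop, but while the session is open the
# agent socket is exposed on the bastion, so anyone with root there can
# ask the agent to sign with EVERY key it holds, not just the bastion key.
Host bastion-with-forwarding
    HostName bastion.example.com
    User alice
    ForwardAgent yes

# Preferred pattern: ProxyJump (-J). The client opens a TCP tunnel through
# the bastion and runs a second, end-to-end SSH session to the internal host.
# The bastion relays ciphertext only: no agent socket, no key material,
# no plaintext of the inner session.
Host bastion
    HostName bastion.example.com
    User alice
    ForwardAgent no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_bastion

Host internal-*
    ProxyJump bastion
    User alice
    ForwardAgent no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_internal

# Equivalent one-off command:
#   ssh -J alice@bastion.example.com alice@internal-db
# Check the effective settings before connecting:
#   ssh -G internal-db | grep -iE '^(forwardagent|proxyjump)'
#   -> forwardagent no / proxyjump alice@bastion.example.com

# --- file: /etc/ssh/sshd_config (on the bastion) ---
# Refuse agent forwarding even if a client asks for it, so a misconfigured
# laptop cannot expose its agent on the bastion.
AllowAgentForwarding no
```

Because IdentitiesOnly is set, a compromised bastion also learns only the one public key offered to it, not the full list of keys in the agent.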