@laurel.straddle yes and no.
In your example, using my PoC, your command would not know about wget-proxy and would stay
sudo http://instructions.on.the.web.com/not_malicious.sh | bash
Then each time that script would call wget/curl, those calls would be intercepted and paused for 3 seconds, showing what is attempted to be downloaded, giving opportunity for the user to CTRL-C per console instructions and showing you what the script you run is attempting to download on your behalf.
No protection on the sudo call here, but safeguards to download stuff only from curl/proxy. Other methods used to download stuff from your script would fail as usual. That was my proposition to ease while educate users attemtping to follow software installation guides expected to work ™. Nowhere is that PoC claiming to protrct users from running a random bash script in template/dom0. The claim was to wrap around and give a chance to the user to stop downloads happening in random scripts.