Perhaps, but you're missing the entire purpose of 2FA: the "Are you sure you want to X?" is out of band by definition. The first factor is the things you know: username and password. The second factor is something you have.

If a specific 2FA implementation is not out-of-band, that would make it useless as a 2FA and it would be as you describe.