9.5 Loading keys without decrypting them

You can add keys to Pageant without decrypting them. The key file will be held in Pageant's memory still encrypted, and when a client program first tries to use the key, Pageant will display a dialog box prompting for the passphrase so that the key can be decrypted.

This works the same way whether the key is used by an instance of PuTTY running locally, or a remote client connecting to Pageant through agent forwarding.

To add a key to Pageant in this encrypted form, press the ‘Add Key (encrypted)’ button in the Pageant main window, or alternatively right-click on the Pageant icon in the system tray and select ‘Add Key (encrypted)’ from there. Pageant will bring up a file dialog, in just the same way as it would for the plain ‘Add Key’ button. But it won't ask for a passphrase. Instead, the key will be listed in the main window with ‘(encrypted)’ after it.

To start Pageant up in the first place with encrypted keys loaded into it, you can use the ‘--encrypted’ option on the command line. For example:

C:\PuTTY\pageant.exe --encrypted d:\main.ppk
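As an added example, not part of the PuTTY manual or the Pageant source, the following PowerShell script wraps the command line above so that a login script or shortcut starts Pageant with every key in a directory loaded in encrypted form, rather than typing each passphrase at logon. It assumes Pageant is installed at C:\PuTTY\pageant.exe (the path used in the example above), that the key files live in $HOME\.ssh, and that several .ppk files listed after ‘--encrypted’ are all loaded encrypted; adjust those to your installation.

```powershell
# Added example (not from the PuTTY manual): start Pageant with all .ppk
# keys in a directory held encrypted, so each passphrase is only requested
# the first time a client actually uses that key.
#
# Assumptions (adjust for your installation):
#   - Pageant lives at C:\PuTTY\pageant.exe
#   - key files live in $HOME\.ssh
#   - several .ppk files after --encrypted are all loaded encrypted

$Pageant = 'C:\PuTTY\pageant.exe'
$KeyDir  = Join-Path $HOME '.ssh'

if (-not (Test-Path -Path $Pageant)) {
    throw "Pageant not found at $Pageant"
}

# One Pageant instance should own the keys; don't start a second one.
if (Get-Process -Name 'pageant' -ErrorAction SilentlyContinue) {
    Write-Warning 'Pageant is already running; use its tray menu to add keys.'
    return
}

# Collect the key files; quote each path so spaces survive argument parsing.
$Keys = @(Get-ChildItem -Path $KeyDir -Filter '*.ppk' -File |
          ForEach-Object { '"' + $_.FullName + '"' })

if ($Keys.Count -eq 0) {
    throw "No .ppk files found in $KeyDir"
}

# --encrypted precedes the key files, matching the manual's command line.
Start-Process -FilePath $Pageant -ArgumentList (@('--encrypted') + $Keys)
```

Keys started this way appear in the main window with ‘(encrypted)’ after them, and the first client that asks for one triggers the passphrase prompt described above.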

After a key has been decrypted for the first use, it remains decrypted, so that it can be used again. The main window will list the key with ‘(re-encryptable)’ after it. You can revert it to the previous state, where a passphrase is required, using the ‘Re-encrypt’ button in the Pageant main window.

You can also ‘re-encrypt’ all keys that were added encrypted by choosing ‘Re-encrypt All Keys’ from the system tray menu. (Note that this does not discard cleartext keys that were not previously added encrypted!)

CAUTION: When Pageant displays a prompt to decrypt an already-loaded key, it cannot give keyboard focus to the prompt dialog box. As far as I know this is a deliberate defensive measure by Windows, against malicious software. So make sure you click in the prompt window before typing your passphrase, or else the passphrase might be sent to somewhere you didn't want to trust with it!