You would need to prevent an attacker from installing shell aliases, or shell config files, or altering any binaries in PATH.

Like, sure you could, but you end up with a very useless system.

Easier to just use VMs for each security context.

Is any of this specific to a link vs tyre original full-pathed sudo?