Seems like the best way to limit its ability to destroy things is to run it as a separate user without sudo capabilities if the job allows.
That said, running basic shell commands seems like the absolute dumbest way to spend tokens. How much time are you really saving?