Well, thing is I ask it doesn't things where sandbox fails.

And then it has to bypass sandbox to run those command with elevated permission.

This double tripe boosts token usage.

I don't think average developer workflow can be really limited to a workspace. You'll need commands which touch your system or require more privilege