This is a typical `schroot.conf` configuration I use:

```ini
[label]
description=whatever
type=directory
personality=linux
preserve-environment=true
directory=/wherever
users=UserForSchrootOnly
profile=desktop_no_tmp
```
No `root-users` directive.
Separate home directories for schroot env, not using host's /home.
I log in with the host OS's `UserForSchrootOnly` user to these schroot environments. I usually add this user to the `/etc/sudoers.d/someConf` file **inside** schroot, with a line:

```
UserForSchrootOnly ALL=(ALL:ALL) ALL
```
One of my goals of this setup is to have a quite isolated environment (not a strict, audit-grade isolation, but efficient in practice), both through schroot and by using an OS user only for this purpose and nowhere else. On the other hand, for practical reasons it's much easier to have this dedicated user be a sudoer too, inside the schroot env of course.
A use case is to run an untrusted closed-source app.
My concern is:
Since the `UserForSchrootOnly` user is a sudoer inside the schroot env, can this compromise the security of the host system in any way? Is there any way to use sudo elevation inside the schroot env to access something outside of schroot, or outside `UserForSchrootOnly`'s home dir on the host system?
The man page of `schroot.conf` mentions that root access to a chroot is a serious risk; I'm not concerned about the user's misbehaviour. My concern is about the untrusted, closed-source app taking advantage of the sudoer user it runs as.
___
I'd like to point out that although this seems like an ideal scenario for a sandbox like firejail, I've failed to run some apps with it, even when adding the `--no-profile` parameter. Other scenarios include apps that need more recent libs, so I need to set up a Debian Testing or Ubuntu schroot env to run the untrusted app inside.
Asked by Krackout
(2887 rep)
May 23, 2021, 02:05 PM
Last activity: May 23, 2021, 10:32 PM
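A practical check that goes with the question above, added here as an example and not part of the original post: what root inside an schroot session can reach on the host is largely decided by the profile's fstab (`/etc/schroot/<profile>/fstab`), since every `bind` entry there is a host path mounted into the chroot, and anything mounted `rw` is written straight through to the host. The script below parses such an fstab and reports each bind mount as read-only or read-write and as a pseudo-filesystem (`/proc`, `/sys`, `/dev`, which expose host processes and device nodes) or a plain host directory. The fstab text embedded in it is constructed to resemble a desktop-style profile; it is not the poster's `desktop_no_tmp` profile, so run the functions against your own profile's file.

```shell
#!/bin/sh
# Added example (not from the original post): audit which host paths an
# schroot profile fstab bind-mounts into the chroot.

# Constructed sample fstab in the schroot profile format. Assumed content,
# modelled on the stock desktop profile; replace with your own profile's file.
SAMPLE_FSTAB='# <file system> <mount point> <type> <options> <dump> <pass>
/proc            /proc            none  rw,bind  0  0
/sys             /sys             none  rw,bind  0  0
/dev             /dev             none  rw,bind  0  0
/dev/pts         /dev/pts         none  rw,bind  0  0
/home            /home            none  rw,bind  0  0
/tmp             /tmp             none  rw,bind  0  0
/usr/share/fonts /usr/share/fonts none  ro,bind  0  0'

# Print one line per bind/rbind entry: "<host path> <rw|ro> <kind>".
# kind is proc, sys or dev for the kernel pseudo-filesystems, hostdir otherwise.
# Comment lines and blank lines are skipped; non-bind entries are ignored.
list_bind_mounts() {
    # $1: fstab text
    printf '%s\n' "$1" | while read -r fs mp type opts dump pass; do
        case "$fs" in ''|\#*) continue ;; esac
        case ",$opts," in *,bind,*|*,rbind,*) ;; *) continue ;; esac
        case ",$opts," in *,ro,*) mode=ro ;; *) mode=rw ;; esac
        case "$fs" in
            /proc|/proc/*) kind=proc ;;
            /sys|/sys/*)   kind=sys ;;
            /dev|/dev/*)   kind=dev ;;
            *)             kind=hostdir ;;
        esac
        printf '%s %s %s\n' "$fs" "$mode" "$kind"
    done
}

# Number of plain host directories mounted read-write: each one is a place
# where root (or the sudoer) inside the chroot writes directly to the host.
count_rw_hostdirs() {
    # $1: fstab text
    list_bind_mounts "$1" | awk '$2 == "rw" && $3 == "hostdir"' | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
list_bind_mounts "$SAMPLE_FSTAB"
echo "rw host directories: $(count_rw_hostdirs "$SAMPLE_FSTAB")"
```

On a real host, call `list_bind_mounts "$(cat /etc/schroot/desktop/fstab)"` (or the directory of whatever profile the `profile=` line names) and compare the result with `findmnt` run inside a live session; with the stock desktop profile, `/home` is among the read-write host mounts, which is why a separate home for the chroot user matters.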