Threat Model Evalutation for CS, PR and Marketing Work for multiple Vendors at once : OpSec | Torhoo darknet markets

Currently running Marketing and all cs / pr work for a vendor
products range from tusci, coke, mdma and things alike

Want to start doing the same thing for a few other vendors too, same products and or thc vendors as well

Making this post to see what my "Threat Level " would be handling such work and the work I am already doing
The vendor I currently do work for is a sizeable vendor and I want to be on extra extra safe side when it comes to my OPSEC

Current setup --
Qubes + Disposable Whonix Qube + Tor + about;config javascript set to false

No vpn as I am conflicted on how to properly layer vpn over Tor without breaching my security
I also would like to use tor bridges if necessary but understand that I might not have to and should save them for those who need them

I have a pretty good understanding with computers and very familiar with Qubes

All advice is welcomed, post is mainly to help me get my OPSEC locked down and improved
thank you in advance
- a throwaway account