Scheme has sandboxing in the form of environments. You can evaluate[0] / load[1] untrusted code by applying an environment specifier[2] with all of the symbols you trust the code to use. For example, if you don't want the code to be able to use IO, simply don't add (scheme read) and (scheme write) to the environment that you eval / load the code with.
Zambyte|2 years ago
[0] https://index.scheme.org/filterset/r7rs_small/%28scheme%2520...
[1] https://index.scheme.org/filterset/r7rs_small/%28scheme%2520...
[2] https://index.scheme.org/filterset/r7rs_small/%28scheme%2520...