Sandboxing code generated from toolbox


I wish to compile code fragments and run them with limited privileges.
The compiler toolbox allows me to easily compile small code fragments run lambdas etc. However this raises some security issues.
I can write the code fragment with some boilerplate to a file, compile to a jar, load in a new classloader and using that classloader limit permissions with a security policy. However I would rather avoid all these files and jars as I can with toolbox.

I seem to be unable to identify the classes created by toolbox in my security policy, is there a way to identify them from their protection domain? Is there a better light weight method for executing untrusted scala code fragments?