Welcome to in-thread. It’s great that you are hoping to use Sonic Pi with 7 and 8 year olds in your school.
Sonic Pi will allow some but not all Ruby commands in its user programs, but I don’t think it is much of a security risk. I don’t think system calls will work for example. I have however used file handling calls in a couple of programs, where they have been useful in storing data. eg in this project Sonic Pi 3 Record/Player using TouchOSC
Many schools use Sonic PI and I don’t think you need to worry unduly about security risks. There are plenty of commands which are documented for use in Sonic Pi, and you don’t need to include others to use it very successfully. The use of “other” Ruby commands in Sonic Pi is not supported in the built in documentation, nor is it indeed necessary to use them.
On the input side, Sonic Pi can respond to incoming OSC messages. There is a switch which is normally off to prevent these from originating from other computers, but this can be turned on if you wish to communicate with Sonic Pi from an external machine.