Why would you want to sandbox such a powerful app in the first place? Do you want to modify defaults and killall for specific other apps (somehow possible) or for "all that exist on the machine"?
If for specific other apps, why not do it without a shell? For defaults write, use com.apple.security.temporary-exception.shared-preference.read-write, add the domains you'd like to modify (e.g. com.apple.DigitalColorMeter), and use CFPreferencesSetValue().
For killall, use com.apple.security.temporary-exception.apple-events and run an AppleScript / send AppleEvents to terminate specific processes.
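
The two entitlements and calls named above, put together as an added example that is not part of the original answer. The preference key `ExampleKey` and the helper names `writePreference` and `quitApplication` are hypothetical; the domain is the one mentioned in the post.

```swift
// Entitlements file for the sandboxed app, listing only the targets it needs:
//   <key>com.apple.security.app-sandbox</key><true/>
//   <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
//   <array><string>com.apple.DigitalColorMeter</string></array>
//   <key>com.apple.security.temporary-exception.apple-events</key>
//   <array><string>com.apple.DigitalColorMeter</string></array>

import Foundation

// Domain taken from the post; it must match an entry in both arrays above.
let targetDomain = "com.apple.DigitalColorMeter"

/// Replacement for `defaults write <domain> <key> <value>` that spawns no shell.
/// Returns false if the write could not be flushed, for example when the
/// domain is not listed in the shared-preference entitlement.
func writePreference(key: String, value: CFPropertyList, domain: String) -> Bool {
    CFPreferencesSetValue(key as CFString, value, domain as CFString,
                          kCFPreferencesCurrentUser, kCFPreferencesAnyHost)
    return CFPreferencesSynchronize(domain as CFString,
                                    kCFPreferencesCurrentUser, kCFPreferencesAnyHost)
}

/// Replacement for `killall`: sends a quit Apple event to one application.
/// This is a quit request, so the target may still refuse or prompt the user.
func quitApplication(bundleID: String) -> Bool {
    // Accept only reverse-DNS style identifiers so the value cannot alter
    // the AppleScript source it is interpolated into.
    let allowed = CharacterSet.alphanumerics.union(CharacterSet(charactersIn: ".-"))
    guard !bundleID.isEmpty,
          bundleID.unicodeScalars.allSatisfy({ allowed.contains($0) }),
          let script = NSAppleScript(source: "tell application id \"\(bundleID)\" to quit")
    else { return false }

    var error: NSDictionary?
    _ = script.executeAndReturnError(&error)
    return error == nil
}

// "ExampleKey" is a hypothetical key used only to show the call shape.
if writePreference(key: "ExampleKey", value: kCFBooleanTrue, domain: targetDomain) {
    // Ask the app to quit so it picks up the new value on next launch.
    _ = quitApplication(bundleID: targetDomain)
}
```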