The code editor is available in the Chrome browser and the official Apps Script website details how the scripts run on Google servers.

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online.

Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people’s Microsoft 365 login details.

Google Apps Scripts are a relatively easy way for marketers to dip their toes in the automation waters.