Abstract
Executing autonomous AI agent payloads in Google Workspace via the Apps Script API's scripts.run method introduces severe security risks. This article presents a novel sandboxing proposal designed specifically for the scripts.run method, using ggsrun as the orchestrator to execute code safely and efficiently. By performing in-memory token replacement and uploading a separate, alphabetically-prioritized guard file, this approach achieves robust API-level containment. Guided by ggsrun's automated backup and default rollback lifecycle (exe1), the remote environment is immediately restored, providing a clean, dependency-free security model for AI-driven Workspace automation.
Introduction
The emergence of autonomous AI agents utilizing the Model Context Protocol (MCP) or persistent CLI runtimes has transformed development workflows. These agents can write, test, compile, and execute code statefully to automate operations. However, executing dynamic, LLM-generated code in an enterprise productivity suite like Google Workspace presents severe security challenges.
When an AI agent interacts with Google Workspace to execute Google Apps Script, utilizing the Apps Script API's scripts.run method is a primary approach. This method allows the agent to execute script functions directly on Google's servers. Because this API operates under standard Workspace OAuth scopes, a compromised agent, a prompt injection attack, or an unverified script payload can easily cause:






