Built with hardcoded security
Even if your connector URL is compromised, the damage is minimal by design.
The safety limits aren't instructions Claude is told to follow — they live in the server code and cannot be overridden by any prompt, leaked URL, or injected instruction.
Worst case if your URL leaks: someone can create paused campaigns, add ad groups (potentially with wrong landing pages), and add keywords — but budgets cannot be changed through MCP, so existing campaigns cannot spend more than they already do, and new ones stay PAUSED until you manually enable them. Nothing goes live automatically. You see all of it in the activity log and regenerate your URL to cut off access immediately.