Please report vulnerabilities privately through GitHub Security Advisories for this repository. Do not include real credentials, customer data, ad account IDs, or private creative files in a report.
The current release is a synthetic, offline reference implementation. It has no supported Meta API, OAuth, upload, customer-data, or live-mutation path. Reports that demonstrate a bypass of the synthetic-data boundary, review policy, evidence grounding, local-state validation, or no-network guarantee are in scope.
See the threat model for the enforced boundary.