Do not file public GitHub issues for security vulnerabilities.

Email: kobepaw@proton.me

• We will acknowledge your report within 48 hours
• We will provide a fix timeline within 7 days
• We follow coordinated disclosure with a 90-day window

• goop-face client library, CLI, and MCP server
• Local ONNX inference pipeline
• Face detection integration

Out of scope:

• goop-face-engine (separate project)
• InsightFace upstream vulnerabilities (report to their maintainers)