Verifying Artifacts for Security and Data Integrity
Artifacts (any files in the images), like the images themselves, are of unknown origin. (M025) There is no way to control how the artifacts were created or what they contain.
Files obtained from uncontrolled sources may contain undesirable features or malicious code.
Where possible, artifacts should only be obtained from trusted sources and verified using appropriate methods (e.g., PGP keys). In the case of open-source software, consider building it yourself.