From def1c2bbc720ed5bfda1253b783c704f7b322915 Mon Sep 17 00:00:00 2001 From: Miguel Jacq Date: Mon, 22 Jun 2026 11:59:38 +1000 Subject: [PATCH] Add note about README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2d22408..1a3beea 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,8 @@ Enforcement is intentionally “safe”: If the config manager tool is not on `PATH`, Enroll returns an error and does not enforce. +**IMPORTANT**: Only enforce harvest bundles that you trust. Validation checks bundle structure and artifact safety; it does not prove that the described system state is safe to apply, e.g. hasn't been tampered with by another user with sufficient permission to do so! + **Output formats** - `--format json` (default for webhooks)