Thanks for flagging the email issue -- DNS MX records are being configured now. In the meantime, reach us at contact@agentsign.dev (that one works) or raza.sharif@outlook.com directly.

On your points about env injection and lazy-loaded modules bypassing on-disk hash: you're right that static file hashing alone doesn't cover runtime context manipulation. Our attestation checks the registered code artifact, but a production deployment would need runtime sandboxing (process isolation, restricted imports) as a complementary layer. AgentSign handles identity and trust -- sandboxing is the execution environment's job.

On trust score elevation attacks (benign buildup, then exploit): the trust score factors in execution verification rate and success rate continuously, not just cumulatively. A sudden behavioral shift (failed attestations, anomalous outputs) drops the score dynamically. But you're right that a slow, careful escalation is the harder case. That's where the MCP gate's per-request verification adds defense in depth -- even a high-trust agent gets checked every single call.

Interested in the adversarial run. Let's connect -- contact@agentsign.dev.