Signed But Unextracted

A document arrives with a cryptographic signature over an inner artifact, but the verifier extracts signatures at a pipeline stage where the inner artifact is still wrapped (encrypted, encoded, deferred-parsed). After a later stage opens the wrapper, the verifier never re-extracts. The signature exists in the document and is never in the validator's working set; the outer envelope's signature is treated as having authenticated content it never covered.