awslabs / aws-encryption-sdk-specification

AWS Encryption SDK Specification

Default CMM should not be modifying input encryption context #175

Open robin-aws opened 4 years ago

robin-aws commented 4 years ago

The description for the default CMM's implementation of Get Encryption Materials states:

(https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/default-cmm.md#get-encryption-materials)

This value will usually come from the call to encrypt, and it is generally an anti-pattern to modify user input (which we may want to call out as an explicit tenet at the top level).

The operation should at the very least specify that a separate copy SHOULD be made instead.
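
An added illustration of the aliasing problem the issue describes; it is not part of the original issue and not code from the AWS Encryption SDK. It assumes the modification in question is the default CMM adding the reserved `aws-crypto-public-key` entry for signing algorithm suites and rejecting requests that already contain that key; all function names and sample values are hypothetical.

```python
# Added illustration; simplified stand-in, not the AWS Encryption SDK's code.
# Assumption: the reserved key name and the "reject if already present" rule
# model the default CMM's handling of signing algorithm suites.
RESERVED_KEY = "aws-crypto-public-key"


class ReservedKeyError(ValueError):
    """Raised when the caller's encryption context already holds the reserved key."""


def _check_request(encryption_context):
    if RESERVED_KEY in encryption_context:
        raise ReservedKeyError(f"{RESERVED_KEY} is reserved")


def get_materials_mutating(encryption_context, verification_key):
    """Behaviour the issue objects to: writes into the caller's own mapping."""
    _check_request(encryption_context)
    encryption_context[RESERVED_KEY] = verification_key
    return {"encryption_context": encryption_context}


def get_materials_copying(encryption_context, verification_key):
    """Behaviour the issue asks for: work on a separate copy."""
    _check_request(encryption_context)
    materials_context = dict(encryption_context)  # shallow copy suffices for str -> str
    materials_context[RESERVED_KEY] = verification_key
    return {"encryption_context": materials_context}


def reuse_context(get_materials):
    """Call get_materials twice with one caller-owned dict, as an app encrypting two messages would."""
    caller_context = {"tenant": "example", "purpose": "demo"}  # constructed sample input
    outcomes = []
    for key in ("constructed-key-1", "constructed-key-2"):  # placeholder key strings
        try:
            get_materials(caller_context, key)
            outcomes.append("ok")
        except ReservedKeyError:
            outcomes.append("rejected")
    return outcomes, caller_context


if __name__ == "__main__":
    print(reuse_context(get_materials_mutating))
    print(reuse_context(get_materials_copying))
```

With the mutating variant the caller's dictionary silently gains the reserved entry, so reusing it for a second message is rejected; with the copying variant the caller's input is left untouched.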