I think that this statement isn't quite correct. It MAY be the case for build L2, but it MUST NOT be the case for build L3.
Are you considering this from the perspective of the infrastructure running the build platform? If the infrastructure is compromised, then this may be the case even if it isn't the case from a running build itself?
_Originally posted by @arewm in https://github.com/slsa-framework/slsa/pull/1115#discussion_r1790324785_