Confidential Containers uses a generic guest image to simplify the orchestration and validation of Pod VMs. While this has many benefits, it also introduces some subtle security considerations. This talk will describe a class of so-called Evidence Factory attacks where privilege escalation can lead to dangerous misuse of generic attestation evidence. Can these attacks be mitigated while still preserving the benefits of a generic guest image? This talk will dive into the details of how attestation works for Confidential Containers and expose crucial considerations for anyone working with Confidential Computing more generally.