diff --git a/pkg/stacker/referrer.go b/pkg/stacker/referrer.go
index e72e0407..48a28b4c 100644
--- a/pkg/stacker/referrer.go
+++ b/pkg/stacker/referrer.go
@@ -397,6 +397,12 @@ func getArtifact(path, mtype, aUrl, username, password string, skipTLS bool) err
 		return err
 	}
 
+	if (manifest.Config.MediaType != ispec.DescriptorEmptyJSON.MediaType) ||
+		(manifest.Config.Digest != ispec.DescriptorEmptyJSON.Digest) {
+		log.Errorf("invalid artifact descriptor for %s", sdgst.String())
+		return errors.Errorf("invalid artifact descriptor for %s", sdgst.String())
+	}
+
 	// create a tempfile
 	fh, err := os.CreateTemp(path, "*.json")
 	if err != nil {