By “cryptographic attestation”, I mean that the pool/mint is signing the individual shares and those signatures can be checked and cannot be modified after that fact. Since this signature happens at time of share validation, the hash provider knows that anything modified after the fact is malicious behavior.