diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml
index 4bf2185..311e42b 100644
--- a/.github/workflows/build-and-sign.yml
+++ b/.github/workflows/build-and-sign.yml
@@ -5,8 +5,6 @@ run-name: Demo workflow signing with SignPath
 on: 
   push:
   pull_request:
-  #schedule:
-  #  - cron:  '30 3 * * *' # every day at 3:30am UTC
   workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
 
 jobs:
@@ -47,7 +45,8 @@ jobs:
         api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
         organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
         project-slug: 'Demo_Application'
-        signing-policy-slug:  '${{ env.SIGNPATH_SIGNING_POLICY_SLUG }}'
+        # maliciously try to get a release signature from a feature branch
+        signing-policy-slug:  'release-signing'
         github-artifact-id:  "${{steps.upload-unsigned-artifact.outputs.artifact-id}}"
         wait-for-completion: true
         output-artifact-directory: 'demo-application-signed'