diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 06798f2..1a2910c 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -32,6 +32,7 @@ jobs:
         id: sigstore-python
         with:
           inputs: ./test/artifact.txt
+          internal-be-careful-debug: true
       - name: Check outputs
         shell: bash
         run: |
@@ -55,6 +56,7 @@ jobs:
         id: sigstore-python
         with:
           inputs: ${{ matrix.input }}
+          internal-be-careful-debug: true
       - name: Check failure
         env:
           XFAIL: ${{ steps.sigstore-python.outcome == 'failure' }}
@@ -75,6 +77,7 @@ jobs:
         with:
           inputs: ./test/artifact.txt
           staging: true
+          internal-be-careful-debug: true
       - name: Check outputs
         run: |
           [[ -f ./test/artifact.txt.sigstore ]] || exit 1
@@ -90,6 +93,7 @@ jobs:
         with:
           inputs: ./test/*.txt
           staging: true
+          internal-be-careful-debug: true
 
   selftest-upload-artifacts:
     runs-on: ubuntu-latest
@@ -103,6 +107,7 @@ jobs:
           inputs: ./test/artifact.txt
           staging: true
           upload-signing-artifacts: true
+          internal-be-careful-debug: true
       - uses: actions/download-artifact@v3
         with:
           name: "signing-artifacts-${{ github.job }}"
@@ -127,6 +132,7 @@ jobs:
           certificate: ./test/custom_certificate.crt
           bundle: ./test/custom_bundle.sigstore
           staging: true
+          internal-be-careful-debug: true
       - name: Check outputs
         run: |
           [[ -f ./test/custom_signature.sig ]] || exit 1
@@ -147,6 +153,7 @@ jobs:
           verify-cert-identity: https://github.com/sigstore/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
           verify-oidc-issuer: https://token.actions.githubusercontent.com
           staging: true
+          internal-be-careful-debug: true
 
   selftest-xfail-verify-missing-options:
     runs-on: ubuntu-latest
@@ -183,6 +190,8 @@ jobs:
           verify-oidc-issuer: ${{ matrix.config.verify-oidc-issuer }}
           verify-cert-identity: ${{ matrix.config.verify-cert-identity }}
           staging: true
+          internal-be-careful-debug: true
+
       - name: Check failure
         env:
           XFAIL: ${{ steps.sigstore-python.outcome == 'failure' }}
@@ -215,6 +224,7 @@ jobs:
           inputs: ./test/artifact.txt
           identity-token: ${{ steps.get-oidc-token.outputs.identity-token }}
           staging: true
+          internal-be-careful-debug: true
 
   all-selftests-pass:
     if: always()
diff --git a/action.yml b/action.yml
index a6fa96a..b20d943 100644
--- a/action.yml
+++ b/action.yml
@@ -102,6 +102,8 @@ runs:
       run: |
         # NOTE: Sourced, not executed as a script.
         source "${GITHUB_ACTION_PATH}/setup/setup.bash"
+      env:
+        GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
       shell: bash
 
     - name: Run sigstore-python
diff --git a/setup/setup.bash b/setup/setup.bash
index 498a8e5..ee645bb 100644
--- a/setup/setup.bash
+++ b/setup/setup.bash
@@ -21,6 +21,15 @@ die() {
   exit 1
 }
 
+debug() {
+  if [[ "${GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG}" = "true" ]]; then
+    echo -e "\033[93mDEBUG: ${1}\033[0m"
+  fi
+}
+
+debug "Python: $(python -V)"
+debug "pip: $(python -m pip --version)"
+
 # NOTE: This file is meant to be sourced, not executed as a script.
 if [[ "${0}" == "${BASH_SOURCE[0]}" ]]; then
   die "Internal error: setup harness was executed instead of being sourced?"