Intent-Code Divergence
Medium
- Confidence
- 98% confidence
- Finding
- The function is presented as checking assignment permissions from the registry, but it unconditionally grants `main` permission to assign to any target without validating the target against configured policy. If callers trust this helper for authorization, anyone able to act as or spoof `main` gains broad delegation privileges, creating an authorization bypass and weakening least-privilege controls.
