Allowlist Grain Is The Method

An interpreter sandbox enforces a method allowlist by class and method name. One allow-listed method's return value carries data from a higher trust tier than the allowlist's grain can see. The allowlist filtered at the method level; the security boundary lives at the data level.