//nefariousplan

Predicate Stringifies The Object

A security predicate intends to test one field of a structured value (a path, a header, a claim) but is implemented against the value's stringified form. The string representation includes other attacker-controlled fields, and the substring or equality check accepts the gate's allow-string from any of them.
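The pattern for two of the cases named above (a path and a claim), with the stringified predicate beside a field-level one. This is an added example, not code from the original page; the function names, the `/public/` allow-string, the `app.example` host and the sample inputs are all constructed for illustration.

```javascript
// Gate intent 1: only requests whose PATH is under /public/ skip authentication.
const BASE = "https://app.example"; // assumed base for relative request targets

// Flawed: tests the stringified URL, so query and fragment text also count.
function isPublicStringified(rawUrl) {
  return String(new URL(rawUrl, BASE)).includes("/public/");
}

// Field-level: tests only the parsed path, anchored at its start.
function isPublicByField(rawUrl) {
  return new URL(rawUrl, BASE).pathname.startsWith("/public/");
}

// Gate intent 2: only tokens whose `role` claim is "admin" pass.
// Flawed: any claim value containing the allow-string satisfies the check.
function isAdminStringified(claims) {
  return JSON.stringify(claims).includes("admin");
}

// Field-level: strict equality on the one claim the policy is about.
function isAdminByField(claims) {
  return typeof claims.role === "string" && claims.role === "admin";
}

// Constructed sample inputs.
const urls = [
  "/public/logo.png",            // path really is public
  "/admin/users",                // private
  "/admin/users?next=/public/",  // allow-string appears in the query
  "/admin/users#/public/",       // allow-string appears in the fragment
];
const tokens = [
  { role: "admin", display_name: "ops" },   // genuinely admin
  { role: "user", display_name: "admin" },  // allow-string in another claim
];

function compareUrls(list) {
  return list.map((u) => [isPublicStringified(u), isPublicByField(u)]);
}
function compareClaims(list) {
  return list.map((c) => [isAdminStringified(c), isAdminByField(c)]);
}

console.log(compareUrls(urls), compareClaims(tokens));
```

Rows where the two columns disagree are the inputs the stringified predicate accepts from a field other than the one the gate was meant to test.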