The provisioning profile uses a wildcard application-identifier (TEAMID.*), which is over-broad and typically a non-production signing setup.
A wildcard application-identifier (TEAM.*) means the profile was generic: capabilities like keychain-access-groups get broader matching than intended, and keychain items can be shared wider than designed.
Loosened identity boundaries between your apps; explicit app IDs exist to prevent exactly this.