Interesting. According to why I see on the Telegram Channel, it is built using the latest Magisk so it is 25.1/2 and uses the Zygisk deny and not the old Magisk hide mechanism.Yes, you're right.
Lygisk is a fork of Magisk (just rebuilds with some patches) which can survive after OTA updates.
I can only surmise that the particular fingerprint for your device is still in the databases as only being valid for basic attestation despite it being a 12 OS. Again, I would expect that sooner or later (most likely sooner) you will being to see an issue. Once that happens though I'm not sure how safe any of us will be using different fingerprints. I see no reason for instance that the Pixel 3 XL 9 fingerprint works when the 12 doesn't, as that device should support HA even on 9.