
Free software's not-so-eXZellent adventure

Posted Apr 5, 2024 9:11 UTC (Fri) by smurf (subscriber, #17840)
In reply to: Free software's not-so-eXZellent adventure by draco
Parent article: Free software's not-so-eXZellent adventure

It reads from data that was hidden in / disguised as part of the test suite; the file in question wasn't even used as actual test input AFAICR. That falls squarely into the "subverted anyway" category.

So yes, you're right in that in this case the test output didn't actually influence the build. Thus, to be safe against "hide an exploit's core in plain sight" attacks, we'd have to go a step further and mandate that the builder cannot access its test data, binary or otherwise.




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds