This also made me think of an active discussion in the Bitcoin-Dev mailing list regarding an attack vector on multiparty protocols (such as Lightning or coinjoins, and even more opening Lightning channels in coinjoins) using Taproot inputs,
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-February/021444.html
[...]
where the last party to sign can spend using a very big script path instead of the agreed-upon key path, thus inflating the whole transaction's size and diminishing the overall feerate, as the absolute fee (in sats) was already committed to.
This attack doesn't steal funds per se, but degrades the expected "quality of service" (in terms of quick confirmation, for example), and can indirectly result in loss of funds in the case of time-sensitive protocols. Definitely something to keep in mind!
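The feerate dilution described above can be audited after the fact by any participant. The following is an added example, not part of the original post: it computes the BIP 141 virtual size from the witness stacks and flags inputs that did not use a plain key-path witness. The function names, the sample sizes and the fee are constructed for illustration, and it assumes all inputs are Taproot and that no annex is used.

```python
import math

def compact_size_len(n):
    """Byte length of Bitcoin's CompactSize encoding of n."""
    return 1 if n < 0xfd else 3 if n <= 0xffff else 5 if n <= 0xffffffff else 9

def witness_bytes(stack):
    """Serialized size of one input's witness stack (a list of bytes items)."""
    return compact_size_len(len(stack)) + sum(
        compact_size_len(len(item)) + len(item) for item in stack)

def is_key_path(stack):
    """Key-path spend: exactly one Schnorr signature (64 bytes, or 65 with
    an explicit sighash byte). Assumption: no annex is present."""
    return len(stack) == 1 and len(stack[0]) in (64, 65)

def vsize(base_bytes, stacks):
    """BIP 141: non-witness bytes weigh 4 units, witness bytes weigh 1."""
    witness = 2 + sum(witness_bytes(s) for s in stacks)  # 2 = marker + flag
    return math.ceil((base_bytes * 4 + witness) / 4)

def audit(base_bytes, fee_sats, stacks):
    """Compare the feerate everyone agreed to (all key-path spends) with the
    feerate of the transaction as actually signed, and name the inputs
    whose witness is not a key-path spend."""
    expected = vsize(base_bytes, [[bytes(64)]] * len(stacks))
    actual = vsize(base_bytes, stacks)
    return {
        "expected_vsize": expected,
        "actual_vsize": actual,
        "expected_feerate": fee_sats / expected,
        "actual_feerate": fee_sats / actual,
        "offenders": [i for i, s in enumerate(stacks) if not is_key_path(s)],
    }

# Constructed sample: three inputs, 250 non-witness bytes, 5000 sat fee.
# Inputs 0 and 1 sign via the key path; input 2 reveals a 10,000-byte
# script plus a 33-byte control block instead.
SAMPLE_STACKS = [
    [bytes(64)],
    [bytes(64)],
    [bytes(64), bytes(10_000), bytes(33)],
]

if __name__ == "__main__":
    for key, value in audit(250, 5000, SAMPLE_STACKS).items():
        print(key, value)
```

With the constructed numbers the committed fee buys about 16.7 sat/vB if everyone uses the key path, but under 1.8 sat/vB once input 2 signs through the script path.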