User-Controlled Path Traversal

File paths built from user-influenced data get opened without a robust resolved-path containment check, enabling path traversal/path injection (e.g., ../) and causing downstream tooling failures when coverage/report paths are misconfigured.