I have investigated a similar issue in the past (CVE-2016-7543). That time it was the PS4 variable and the default shell an important factor. If I had dash as default shell it was possible to reproduce the issue. If I had bash as default shell it was possible.
As this is a prompt expansion and that tend to be handled differently in different shells I thought that maybe the default shell could be important in this case too.
This is why I suggested to check what shell was the default shell.
Yes it was speculation, but backed by the fact that I have stumbled on that kind of problem in the past.