If the key used in signature verification has a tweak applied to the MuSig2 pubkey, then all participants in the MuSig2 must apply the same tweak. Otherwise, the signature itself cannot be aggregated to produce a valid signature for the final key.
This means that if MuSig2 is used as an internal key in a keypath spend only case, all signers are applying the tweak computed by hashing the internal key (i.e. hashing the MuSig2 aggregate pubkey). Anyone who is applying a different tweak will not have a valid partial signature.
If the MuSig2 is used as an internal key in a taproot output that also has script paths, all signers must apply the tweak computed from the merkle root in order to produce valid partial signatures.
Lastly, if the MuSig2 is used as a pubkey in a script, no tweak is applied, but the partial signature commits to that particular leaf script so the partial signatures cannot be used in other spends.
Since all participants in a MuSig2 must be signing the same thing and applying the same tweaks, it’s not possible for Alice to embed a hidden script path. She would be applying a tweak that no one else is applying, or applying a tweak different to what everyone else is applying. The resulting aggregate signature would not be valid.
