enumeratesigners takes the fingerprint field from the external signer's enumerate output and stores it without checking it. That value is later handed back to the signer command as --fingerprint <value> (e.g. in displayaddress), so a malformed value propagates unchecked.
A master key fingerprint is 4 bytes, i.e. 8 hex characters. This adds a check that the reported fingerprint is exactly 8 hex characters and throws a clear error otherwise. A functional test covers empty, wrong-length, and non-hex inputs.