When linpeass performs checks related to sudo allowed commands (sudo -l), it returns the following results:

Matching Defaults entries for user1 on host:
env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

User user1 may run the following commands on host:
(ALL) /bin/ls /tmp/backup/backup_access
(root) /usr/bin/cat backup_access

The strange thing is that it highlights in yellow (marking as 95% a PE vector) the last two letters (ss) of the directories where the user can execute the listed commands.
Are those real PE vectors or is a bug?