BadHost: One Char Bypasses Host-Based Security Across the Python AI Stack