Did you run it in bash, or in sh? It won't work in a strictly POSIX sh (in that context, I assume `type` will attempt to query each argument as if it were a PATH candidate, and then return nothing).

For reference, this works for me in Bash 5.2:

    test -v 'x[$(cat /etc/passwd)]'

I ran it by creating a file named "guess.sh" with the function and a `guess "$@"` call to it, then passing 'a[$(cat /etc/passwd > /tmp/pwned)] + 42' as a parameter to the script. Bash 5.2.

What shell and what `test` are you using?

In this case I did some tests with latest dash and latest bash. I tested only with builtin `test`.