So refuse output, wait until signing figures out which input corresponds to that registered output and ban that input.
Think about what you achieve with this. In this case you remove the bad egg from the round and make the coinjoin with everyone else. What if you keep the bad egg and make the coinjoin with it? It does not make a difference in terms of privacy for the rest of us.
But removing the bad egg makes the UX worse for everyone else by aborting the round.