I mean technically so are repos to some extent. Many of them have very few maintainers and you are basically just blindly trusting that they won’t both miss anything malicious nor be the cause of it.
A little safer but not some ultimate Bastion of safety
If it’s in the AUR you can use a arch distrobox container
I’d be really careful with the AUR since it is the wild west
I mean technically so are repos to some extent. Many of them have very few maintainers and you are basically just blindly trusting that they won’t both miss anything malicious nor be the cause of it.
A little safer but not some ultimate Bastion of safety
Not really as repos go thought testing and most distros have reproducible builds.
AUR packages can be submitted by anyone with no testing or validation for the most part.