• Petter1@discuss.tchncs.de
      7 hours ago

      PKGBUILD is not sooo hard to read… And there is voting and comments, and you can be sure people would complain if something is fishy.

    • LordKitsuna@lemmy.world
      6 days ago

      I mean, technically so are repos to some extent. Many of them have very few maintainers and you are basically just blindly trusting that they will neither miss anything malicious nor be the cause of it.

      A little safer, but not some ultimate bastion of safety.

      • Possibly linux@lemmy.zip
        6 days ago

        Not really, as repos go through testing and most distros have reproducible builds.

        AUR packages can be submitted by anyone with no testing or validation for the most part.