In my opinion, this is the most important part so if you only check one thing, this is a good start.
The next would be to make sure there are no invocations of su or sudo.
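One way to run the su/sudo check over a package's build files, as an added example that is not part of the original post. The function names, the `example-tool` package and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list su/sudo calls in AUR build files.

# Print "file:line:text" for each non-comment line that uses su or sudo as a
# command word. Returns 0 when nothing was flagged, 1 when there are findings.
# Hits are lines to read, not a verdict: a dependency array that lists sudo
# next to another package is flagged too.
scan_privilege_calls() {
    awk '
        /^[ \t]*#/ { next }                      # whole-line comments never run
        /(^|[^A-Za-z0-9_.-])(sudo|su)([ \t]|$)/ {
            printf "%s:%d:%s\n", FILENAME, FNR, $0
            hits++
        }
        END { exit (hits > 0) }
    ' "$@"
}

# Write a constructed PKGBUILD and install script into directory $1.
write_sample() {
    cat > "$1/PKGBUILD" <<'EOF'
pkgname=example-tool
pkgver=1.0
install=example-tool.install
# never call sudo from a PKGBUILD
build() {
    ./configure --prefix=/usr --disable-suexec
    make
}
package() {
    sudo make install
}
EOF
    cat > "$1/example-tool.install" <<'EOF'
post_install() {
    su -c 'systemctl enable example' root
}
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
scan_privilege_calls "$demo_dir/PKGBUILD" "$demo_dir"/*.install \
    || echo "review the lines above before building"
rm -rf "$demo_dir"
```

The `.install` script is scanned as well because its hooks run as root at install time, outside the build functions.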
Another good thing to do is turn on the package diff menu in yay and have it show you the diffs when AUR packages are updated. This will show you what changed between one version and the next, so instead of having to review the whole thing each time, you can see just the changed lines, which will usually only be the version and the checksums.