The key here is to decrease your dependency on potentially evil people.
Dalto wrote a great FAQ about third-party repos that everyone should read:
I would like to add to this that third-party repos that automate building packages from the AUR like, for example, the Chaotic-AUR, seem especially dangerous to me. If I were a malicious person wanting to spread my malware, one way I could potentially do it is through the Chaotic-AUR, since it automatically builds packages from the AUR and there is no checking of PKGBUILDs. So all it would probably take is to upload a malicious PKGBUILD to the AUR at just the right moment for it to get pulled to the Chaotic-AUR.
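An added example (not from this thread or any project it mentions) of the kind of pre-build check the post says automated builders skip: it diffs a freshly fetched PKGBUILD against the copy you last reviewed and flags sources fetched without TLS or with a SKIP checksum. It only greps the file and never sources it; the package name, URLs and hashes are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): a pre-build gate for a PKGBUILD pulled from
# the AUR. It only greps the file and never sources it, because sourcing a
# PKGBUILD runs whatever the packager put in it. Names and sample data are made up.

# Print one entry per line of a bash array such as source=(...) or sha256sums=(...).
pkgbuild_array() {  # $1 = PKGBUILD path, $2 = array name
    awk -v n="$2" '$0 ~ "^" n "=\\(" { on = 1 } on { print; if ($0 ~ /\)/) on = 0 }' "$1" \
        | sed "s/^$2=//" | tr -d "()'\"" | tr ' \t' '\n\n' | grep -v '^$' || true
}

# Exit 0 only if $2 (freshly fetched) is byte-identical to $1 (the copy you
# reviewed) and every source uses TLS and has a real checksum; else explain, exit 1.
pkgbuild_gate() {  # $1 = reviewed PKGBUILD, $2 = fetched PKGBUILD
    rc=0
    if ! cmp -s "$1" "$2"; then
        echo "CHANGED since review, re-read it before building:"; diff -u "$1" "$2" || true; rc=1
    fi
    for src in $(pkgbuild_array "$2" source); do
        url=${src#*::}                          # drop an optional "filename::" prefix
        case "$url" in
            https://*|git+https://*) ;;         # TLS transport: fine
            *://*) echo "NON-TLS source transport: $url"; rc=1 ;;
            *) ;;                               # plain file shipped in the AUR git repo
        esac
    done
    for arr in md5sums sha1sums sha256sums sha512sums b2sums; do
        for sum in $(pkgbuild_array "$2" "$arr"); do
            if [ "$sum" = SKIP ]; then echo "UNVERIFIED source: $arr contains SKIP"; rc=1; fi
        done
    done
    return $rc
}

# Constructed samples: the PKGBUILD as reviewed, and a later upload as an automated
# builder would fetch it (tarball moved to http:// and its checksum set to SKIP).
write_samples() {  # $1 = directory to write into
    cat > "$1/PKGBUILD.reviewed" <<'EOF'
pkgname=example-tool
pkgver=1.2.0
pkgrel=1
source=("https://example.org/example-tool-${pkgver}.tar.gz"
        "example-tool.service")
sha256sums=('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
            'fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210')
EOF
    sed -e 's#https://example.org#http://mirror.invalid#' \
        -e "s/'0123456789[0-9a-f]*'/'SKIP'/" "$1/PKGBUILD.reviewed" > "$1/PKGBUILD.fetched"
}
```

Run `write_samples "$dir"` and then `pkgbuild_gate "$dir/PKGBUILD.reviewed" "$dir/PKGBUILD.fetched"` to see all three findings; in practice the second argument is the PKGBUILD you just cloned from the AUR and the first is the copy you kept after reading it.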