It’s not any different from running a random bash script, which is why according to the Arch wiki, users of the AUR should “verify that the PKGBUILD and accompanying files are not malicious or untrustworthy.” That’s also why good AUR helpers ask if you want to look at the PKGBUILD every time you install or update anything, because best practice is to read them every time so you know what it’s doing.
The AUR is there for convenience, which means it tends to get used by newbies who really probably shouldn’t be using it. But I also won’t pretend that I follow the guidance every time myself.