The bright side is, that you run it in a container. Beware of privileged mode, don’t give it unnecessary mounts or networks, and there’s very little some malicious code can do.

If you’re using it for a build system, tough luck but you need to manage the keys to avoid TOFU, and ideally pull from your own registry.