No one’s job is to screen PKGBUILD of AUR packages so it’s technically not safe to use them. That being said the large community is keeping an eye on these packages and, while problems are not fully preventable, malicious stuff are caught pretty quickly.

So, to contrast with my first statement, one could argue that it’s mostly safe to use AUR. That’s even more true for packages used by a ton of people because issues/risks will be flagged almost immediately should they ever exist. That’s the case for browsers, especially when developers themselves offer an AUR package (like Librewolf: https://librewolf.net/installation/arch/).

Packages from the AUR basically do what is written in the PKGBUILD and install script so that’s why everyone will instruct you to learn about that before installing AUR packages with an helper. That’s too much for some people though and at the end of the day you also have to trust the person who wrote the source code and which is compiled locally.

Nothing is 100% safe. I personally have 96 AUR packages installed because there’s no other packages available (this includes stuff like my windows manager, python tools, 3D slicer, web browser…).