feinte 5 days ago
A plugin can spawn arbitrary processes, so if neovim is not started in a sandbox (container, namespace, firejail...) they can basically do whatever your user has the right to do. Pretty big supply chain risks here.
WhyNotHugo 5 days ago
And oftentimes sandboxing it is hard. E.g.: what do you use to edit ~/.ssh/config or ~/.profile?