So what's a solution to this? Install packages like this in Docker containers without network access? I don't think we should assume it's limited to AUR. Every software source should be considered suspect in 2026, particularly with the adoption of vibe coding, and closed software is a bigger mess than open source because it's a black box.

Yes, "untrusted" "app stores" should be sandboxed (including AUR, FlatPak, ...) Probably with a VM, at least as a default/option.

Flatpak