.
You should carefully review anything you install from AUR. No review happens there at all. Everyone can upload anything he likes.
Yes, and PKGBUILD files with bad intentions have been published there in the past (https://lists.archlinux.org/pipermail/aur-general/2018-July/034151.html).
But both Manjaro (https://wiki.manjaro.org/index.php/Arch_User_Repository) and vanilla Arch (https://wiki.archlinux.org/title/Arch_User_Repository) point out the possible dangers clearly enough in my opinion. Apart from that, it is definitely easier for users to check for example the PKBUILD files in the AUR than ready-made packages in a PPA for Ubuntu.