So what's a solution to this? Install packages like this in Docker containers without network access? I don't think we should assume it's limited to AUR. Every software source should be considered suspect in 2026, particularly with the adoption of vibe coding, and closed software is a bigger mess than open source because it's a black box.

As much as I hate to say it, the Qubes OS people were right. The solution is aggressively isolating apps into virtual machines. Anyone know how much my battery life is going to suffer if I bite the bullet and switch?

Yes, "untrusted" "app stores" should be sandboxed (including AUR, Flatpak, ...), probably with a VM, at least as a default/option.

Flatpak