Even people who do read the content of every AUR package they install could use a helpful heads up and some detail in the new threat they should be looking for.

If a package is compromised, I think most people would prefer their workflow be broken than risk installing that package.