Comment by briHass

Nonsense. WinGet has the ability to add repositories, just like any other package manager. If you want the 'approved' packages for the distro, that would be the msstore repository. If you want to use the 'community feed', which WinGet warns you about the first time you use it, it's less vetted, but still goes through Defender scans and community moderators.

If you go adding any old repo to APT, you have the same risk. You should look at how much code review goes into packages for major distros like Debian, hint, not much, especially once the initial package was accepted.