That's a good argument for not running IaC tools on your own workstation but on a dedicated machine where the environment is also somehow vetted.
On the other hand, I am not sure how to actually vet all the tools used. For instance, if you take Helm, there are many pointers to repos for various Linux distros and other OSs: https://helm.sh/docs/intro/install/
Who to trust? While the Helm page says "members of the community" are in charge of the Ubuntu repo, the Fedora repo is called an "official repository". Presumably, judging from the OP, that means "official Fedora repo" as opposed to "official Helm repo".
So essentially there are no repos from the Helm maintainers, which makes installing and auto-updating it on any Linux distro virtually impossible.
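One practical answer to "how do I vet the tool" when no maintainer-run package repo exists is to skip the distro repos entirely and verify the upstream release archive against the checksum file the project publishes next to it (Helm ships a `.sha256sum` and a detached `.asc` signature per release archive). The script below is an added example, not code from the Helm project or from the poster; it builds a constructed fixture locally so it runs offline, and the file names in the fixture are made up:

```shell
#!/bin/sh
# Added example: verify a downloaded release archive against the
# checksum file published with it, in the "<sha256>  <filename>" format
# that sha256sum produces and that upstream release pages use.

# verify_release_checksum ARCHIVE SUMFILE
# Returns 0 when the archive's SHA-256 matches the first entry in SUMFILE,
# 1 otherwise (missing file, empty sum file, or a mismatch).
verify_release_checksum() {
  archive="$1"
  sumfile="$2"
  [ -f "$archive" ] && [ -f "$sumfile" ] || return 1
  expected=$(awk 'NR == 1 { print $1 }' "$sumfile")
  actual=$(sha256sum "$archive" | awk '{ print $1 }')
  # An empty expected value must fail: never treat "no checksum" as a pass.
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# make_fixture
# Constructed sample data standing in for a download: a fake archive plus a
# checksum file in the same format an upstream release would publish.
# Prints the fixture directory so callers can find both files.
make_fixture() {
  dir=$(mktemp -d)
  printf 'constructed archive contents\n' > "$dir/tool-v0.0.0-linux-amd64.tar.gz"
  ( cd "$dir" && sha256sum tool-v0.0.0-linux-amd64.tar.gz > tool-v0.0.0-linux-amd64.tar.gz.sha256sum )
  printf '%s\n' "$dir"
}

# Stand-alone demonstration: the untouched fixture passes, a tampered copy fails.
if [ "${0##*/}" != "sh" ] && [ -z "${SKIP_DEMO:-}" ]; then
  d=$(make_fixture)
  if verify_release_checksum "$d/tool-v0.0.0-linux-amd64.tar.gz" "$d/tool-v0.0.0-linux-amd64.tar.gz.sha256sum"; then
    echo "fixture: checksum OK"
  fi
  printf 'tampered\n' >> "$d/tool-v0.0.0-linux-amd64.tar.gz"
  if ! verify_release_checksum "$d/tool-v0.0.0-linux-amd64.tar.gz" "$d/tool-v0.0.0-linux-amd64.tar.gz.sha256sum"; then
    echo "tampered fixture: checksum MISMATCH (as expected)"
  fi
  rm -rf "$d"
fi
```

The checksum only proves the archive matches what the same download host served; it does not prove the host is honest. The detached `.asc` signature that Helm publishes alongside each archive, checked against the project's signing keys obtained through a separate channel, is what ties the release to the maintainers rather than to whoever controls the mirror, so in a vetted build machine both checks belong in the install step.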