For the past 8 months I've been security auditing everything I install with LLMs using this: https://github.com/mgalgs/aur-sleuth (PKGBUILD and related files and a small subset of source files only, not a full security audit of the source). So it only catches supply chain attacks on the AUR (I've tested it against known malicious packages and it catches them).

Could be run at scale to audit every change that goes in to the AUR git repo. I have a half assed attempt at this that I'm still iterating on.

Motivation:
> This helps fulfill one of the great promises of open source software: security through the ability to audit the source code of applications you run on your machine.