For comparison, I wonder how vulnerable Flathub (Flatpak's primary repo) is to these kinds of manipulations... Seems like every app manifest there is publicly available and is compiled on their servers, presumably making it easier to spot shady apps and updates, and the submission process requires manual approval.