Hacker News

peaklineops, today at 1:30 AM

The security concern raised here is worth thinking through. Third-party CI runners see your workflow environment — that's the actual trust boundary.

For public repos (the primary target here), the bigger practical concern is usually the opposite: your workflows fire webhooks to external systems and you have no visibility into what those systems actually received. This is especially true when integrating notification or deployment hooks that run after a successful test suite. The architecture step (source → RISC-V runner → build artifact → deployment hook) adds another hop where payloads can be malformed or swallowed silently.

The Linux Foundation backing does address the trust question well. RISE's membership list reads like a who's who of RISC-V commercial stakeholders — the incentive structure is to build trust in the ecosystem, not undermine it.