This is the number one risk. Legitimate repos (BigBoss, Chariz, Havoc, Packix) have quality control and trusted developer vetting. Cracked repos have none.
However, operating a cracked repo or distributing cracked .deb files is a violation of the Digital Millennium Copyright Act (DMCA) and similar laws worldwide. Repo operators have faced cease-and-desist letters, and on occasion, hosting providers have shut down entire pirate networks. Sileo Cracked Repo
Sileo itself is open-source and free. The controversy begins with what repos you point it toward. This is the number one risk
Not all third-party repos are cracked. Some host free, open-source tweaks. Here is how to spot a pirated source: and on occasion