How does h5p control security for a contenttypes?

I've been checking the forum and web for info about how you control and test the security for both new submitted contenttypes and the older ones, but I can't find much info about it except the securitymodel (https://h5p.org/documentation/installation/security).

We use h5p in Moodle for students and need to know whether if there are any contentpackages linked to security risks, we are for example unsure about Twitter User Feed and appear.in for Chat and Talk in regards to students using them.

What specific controls and tests related to security do you do for contenttypes? And is there anything we can do on our end to ensure it's safe to use? Should we turn of automatic downloads of new contenttypes?

Thanks!!