Conversely, a repository with stale branches, unresolved security issues (e.g., CVE identifiers assigned but unfixed), or missing contribution guidelines indicates low trust.