You can see the activity in the past, which plugins are included, also those included in enterprise support are probably part of some internal review processes.
For other 3rd-party app, I would be careful. There are usually repositories of each app, so you can probably check for some no-gos yourself (are commits reviewed, how many contributors, possibly with NC experience, participate, loading of external content, …).