Risk of moving templates created by qubes-builder to dom0

It seems like the best practice for building some templates is creating a disposable container for running qubes-builer to produce a template RPM for dom0, but this is in contradiction of the advisory to not copy files to dom0 from untrusted domains

There are some references about Qubes using shared memory to reduce parsing done on data between domains but this can’t apply for templates because dom0 directly interacts with the RPM package created for templates

Are we assuming the disposable build chain produced for qubes-builder is trusted for this purpose

It all depends on what you trust on your system. If you use a specific qube to build the templates, then you should be good to copy to dom0 without issues. Maybe using a minimal template for the building process can be better since there are fewer packages than a normal template (so fewer risk of a compromised qube).