OK, point taken. Though someone may not be able to afford a real expert, or know where to find a capable one.

In theory, a malicious USB device can not just compromise the OS in the sys-usb qube but also the USB firmware. See also: Reset / reinstall USB qube after compromise.
This gets to the main point of my question. So “in theory” it is not safe to use infected USB devices. In that thread @unman says “If the device has attacked the USB controller, then it’s done, and nothing in Qubes will help.” but does not elaborate.
On the other hand, if it can only infect the controller attached to the VM, then I might be able to keep the other controllers “clean” (I still have to check whether I have more than one USB controller).
Also, your choice of words “in theory” makes it sound like it is questionable whether this had ever been done before.

See also: Proposed procedure for using untrusted USB drives.
So in that thread, @unman again states that a USB device attacking the system controller is a viable threat.
On the other hand, @alx’s post suggests this may not be the case:
Threat model:
After reviewing a number of published USB attack vectors, it seems that direct reprogramming of USB controller from a USB device has not been documented, demonstrated, or even suspected. At least I couldn’t find any references. If anyone knows about it, please let me know. Check this out: “Researchers from the Ben-Gurion University of the Negev in Israel have identified 29 ways in which attackers could use USB devices to compromise users’ computers” (https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/). Note that none of the 29 attacks involve reprogramming USB controller directly from a USB device. Let’s put that threat aside.
Does anyone have further information on this topic so I can make an informed decision about the safety of using potentially infected USB devices?