Thanks for your post.
I'm not sure to understand what you mean...
Crystal already has its own repositories for Crystal's specific packages and a few others.
Since you claim the community repo to be a trusty source, I assume you're talking about AUR packages? So the idea would be to clone, check, verifiy and trust those packages and then put them on our repositories?
To be honest, I don't think it will happen anytime soon. Unless we want to provide a prebuilt version of an AUR package for our installation process (which we already do for some specific packages), I'm not sure there's a point of doing this.
Indeed, even though the AUR might not be as trusty as the Arch repo themself, there's actually moderators for the AUR, namely Arch's trusted users. Doing check/moderation ourself on AUR packages would be an enormous work which is normally already done by Arch's TUs.
Also, veryfing the integrity and the trustiness of an AUR package basically consists of reading/checking its PKGBUILD, which our AUR helper
amethyst already offers.
I'm obviously not saying the idea is bad, but it will be a big effort that we can't handle and that would not be as worth as it might looks, in my opinion.