It's true that most languages's build systems (nim, rust, autotools, makefiles, etc) are unsafe to execute if you do not trust them.
Go does stand in contrast to this. `go get` and `go build` cannot execute arbitrary code, and if you use those two commands to build untrusted code, in theory your machine should still remain uncompromised. They release CVEs for any issues here (such as https://github.com/golang/go/issues/29231).
Of course, if you run the code you compiled, that is unsafe, but just compiling it is supposed to be fine.
Go does stand in contrast to this. `go get` and `go build` cannot execute arbitrary code, and if you use those two commands to build untrusted code, in theory your machine should still remain uncompromised. They release CVEs for any issues here (such as https://github.com/golang/go/issues/29231).
Of course, if you run the code you compiled, that is unsafe, but just compiling it is supposed to be fine.