When we look at the SWI-Prolog pack list we find the following sentence in the description:
"Installing a pack does not execute code in the pack, but simply loading a library from the pack may execute arbitrary code." (SWI-Prolog packages)
I do think that this is false. As far as I know, make is executed by default when a Makefile is present in a pack. This means that installing a pack could in theory also execute arbitrary code because a malicious Makefile could be present. Therefore I think that the description on the pack list should describe the risk of installing packs as well.
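One way to check a pack before installing it, as an added example that is not part of the original post or of SWI-Prolog: list the archive and report any Makefile sitting next to pack.pl, so it can be read first. It assumes the pack is a gzipped tar with pack.pl at the pack root; the function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumption: "Makefile" is the build file named in the post; extend this set
# for any other build entry points you want flagged.
BUILD_FILES = {"Makefile"}

def pack_build_files(archive_bytes):
    """Return build files that sit next to pack.pl in a tar pack archive."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        # Keep symlinks and hardlinks too: a linked Makefile is still a build file.
        names = [posixpath.normpath(m.name) for m in tar.getmembers() if not m.isdir()]
    # The pack root is taken to be the directory holding pack.pl (assumed layout).
    roots = {posixpath.dirname(n) for n in names if posixpath.basename(n) == "pack.pl"}
    return sorted(n for n in names
                  if posixpath.basename(n) in BUILD_FILES
                  and posixpath.dirname(n) in roots)

def make_sample_pack(files):
    """Build a constructed in-memory .tgz so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed sample archives (not real packs).
PLAIN = make_sample_pack({
    "demo-1.0/pack.pl": b"name(demo).\nversion('1.0').\n",
    "demo-1.0/prolog/demo.pl": b":- module(demo, []).\n",
})
WITH_MAKEFILE = make_sample_pack({
    "demo-1.0/pack.pl": b"name(demo).\nversion('1.0').\n",
    "demo-1.0/prolog/demo.pl": b":- module(demo, []).\n",
    "demo-1.0/Makefile": b"all:\n\t@echo build step\n",
    "demo-1.0/doc/Makefile": b"all:\n",  # not at the pack root, so not reported
})

if __name__ == "__main__":
    for label, data in (("plain", PLAIN), ("with Makefile", WITH_MAKEFILE)):
        hits = pack_build_files(data)
        print(label, "->", hits or "no build file at pack root")
```

A non-empty result means the archive carries a build file at the pack root that should be reviewed before the pack is installed.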