Don't tell me you're gonna put your public key in a website form?

Also, if you happen to use 3 different wallets in a multi-sig across 3 different devices, using airgapped communication, this is not going to happen. Shoot just verifying your software isn't malicious before using it ought to be enough.

Also there's this: https://blog.blockstream.com/anti-exfil-stopping-key-exfiltration/