Keyboard Maestro has the ability to import macros disabled, and this is expanded in 8.0.
Deleting triggers and even disabling them deletes useful information - a lot of shared macros have useful triggers. Macros are also shared in macro groups, which makes the concept of a sandbox rather difficult.
Yes, it is absolutely possible for someone to post a malicious macro, so no one should install a macro unless they trust the source. However, even all the precautions you suggest would simply hide the issue with a false sense of security - that same 99% of the user base would import the macro and promptly move it out of the sandbox, add a trigger and run the macro because that is what they downloaded it for in the first place. 90% of users would not have understood the script you posted even if they had looked at it, and that is without any attempt to obfuscate what it does.
The only real solution would be some form of codesigning of macros and a trust system, something that has proved almost intractable for the whole tech industry, and frequently fails to avert harm, so it is not really a challenge I feel I am up to solving.
I could change Keyboard Maestro to import macros disabled by default, but that would almost certainly just frustrate users and train them to re-enable them / force them imported enabled.