If you worry that much, but willing to spend money/time for testing, then Trezor isn't best option for you. You better use airgapped computer where you choose OS/software you could trust and use QR code as medium to transfer unsigned/signed transaction.

Otherwise, i would repeat what @jackg said about basic security awareness/research from user side.