I think there is a misunderstanding, what running locally means.
You can run a gitlab runner on your local machine, but it needs to pulls it’s jobs from git. It also requires gitlab to register your runner, so it can’t really work for new contributors to use themselves.

Run your CI in a sandbox.
For example gitlab allows you to run in a docker image.
Unless the attacker knows a docker CVE or is willing to waste a specter style 0-day on you, the most they can do is waste your cpu cycles.

Apart from the obvious lack of portability, compilers write better assembly than most humans.

Maybe to build one of those shitty websites where you can’t select text because every letter is in its own element.