- New Feature
- Resolution: Unresolved
- Minor
- None
The help text for "Trust" in "Discover pull requests from forks" talks about trusted files, but gives no hint as to where they can be configured, if that is possible at all.
It should also warn about the importance of understanding the security implications of letting others run a build. Which files drive the build process? What opportunities does a malicious PR author have to leak credentials or access trusted resources? An often overlooked part is the tests, which may need credentials to integrate with other systems, and by their nature the tests can do anything that is programmed into them with those credentials.
Also, without appropriate isolation measures, everything accessible to the Jenkins OS user is accessible to the tests.
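One way to limit the exposure described above from the job side, as an added illustration that is not part of this issue or of the plugin's documentation: a declarative Jenkinsfile that keeps credentials out of stages that run on pull requests from forks. It assumes the `CHANGE_FORK` environment variable set by the branch source for fork PRs, and uses a hypothetical credentials id and build commands.

```groovy
// Added example (not from the issue): gate credential-bearing stages so that
// test code contributed from a fork never runs with the integration credentials.
pipeline {
  agent any
  stages {
    stage('Build and unit tests') {
      // No credentials here: safe to run for any PR author.
      steps {
        sh './gradlew build'   // hypothetical build command
      }
    }
    stage('Integration tests') {
      // CHANGE_FORK is set (to the fork's owner/repo) only for PRs from forks.
      // Skip this stage for them, because whatever the tests execute would
      // otherwise run with API_TOKEN and with the Jenkins OS user's access.
      when {
        not { expression { env.CHANGE_FORK != null } }
      }
      steps {
        withCredentials([string(credentialsId: 'staging-api-token',  // hypothetical id
                                variable: 'API_TOKEN')]) {
          sh './gradlew integrationTest'   // hypothetical test command
        }
      }
    }
  }
}
```

This only helps if the Jenkinsfile itself is taken from a trusted source, which is exactly what the "Trust" setting governs; a fork author who can change the Jenkinsfile can remove the guard.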
I guess I have left important points out; some of the above are mitigated by other Jenkins plugins, and I am sure there are good articles about these security considerations.
My main message is that if there is no appropriate warning here, then the user might have a false sense of security by using this setting alone.