When building PRs from origin (not forks), their Jenkinsfile is not treated as trusted and loaded from the base branch instead:
Loading trusted files from base branch develop at 3ad383ee0eeffc92c9712dc8e3022c4b43a75c94 rather than 3e2b6e35cbf0fd2d4c029fcd23560f04b1976618
[x] Build origin branches
[x] Build origin PRs (unmerged head)
IMHO any PR from origin should be treated as trusted. There is no issue with building their branches via "Build origin branches also filed as PRs".