I am not sure if these factors are enough.
You are using the last version of the plugin.
The plugin was recently updated.
The plugin is in the WordPress.org repository.
The plugin is compatible with the WordPress version you are using.
A recently infected plugin would have fully fulfilled each of these point but still would have been a risk.