roddyd I read that GSF is just a compatibility layer that allows Google Play Services and other apps to work in GrapheneOS.
Not exactly. GrapheneOS implements a specially adapted "sandbox" for GSF to allow GSF to operate on GrapheneOS without the same intrusive access to the system that it would have on a conventional build of AOSP. GSF itself is a non-trustworthy set of closed source programs that provides google with access to and control of your phone and all of the data that flows through it. On GrapheneOS, it only has access to data based on the granted permissions, so the security threat is no different than installing any other untrustworthy application.
So the risk of using GSF, even on GrapheneOS, depends on YOU and what data you make available to it.
Also note that as a matter of principle, anything that I perceive as trying to violate my security or privacy, is not welcome on my equipment, no matter how well "sandboxed" it is.