GrapheneOS has a lot of security features and improvements, about which you can read at https://grapheneos.org/features. However, nothing is completely secure. An highly sophisticated malicious app could even hack GrapheneOS, or it could just fool the user into granting it permissions.
Simon64 Downloading via Aurora store wouldn't mitigate it
Yes, Aurora store simply downloads applications from Google Play servers.
Simon64 as i have understood it's just a privacy layer on top of play store.
Aurora store is an application that can download applications from Google Play servers. It is not an privacy layer on top of the Google Play store application, which can also downloads applications from Google Play servers. For privacy, Aurora store allows you to use so-called "Anonymous" accounts, which are shared with other users, but they aren't really "Anonymous". Aurora store also allows you to spoof your device model.