If it contains malicious code, can it harm the host system?
Of course it is possible, so there is the concept of official mirror image.
It is best to analyze Dockerfile by yourself. If there are other files copied, read them through as much as possible to ensure controllability.