Ultimately, the safest approach is to decline the request, explain the potential risks, and suggest they provide more context or verify the file's legitimacy through security tools. That way, I'm not endorsing anything harmful, and I'm guiding them toward a safer approach.