Question about ERC20 tokens and malicious contracts z

So I’m taking a gamble on some memes this cycle as a leveraged ETH play.

I’m buying them on Uniswap wallet (the mobile app), as I never connect my cold wallets to dapps etc.

So here’s what I do…

Buy ETH on Binance, send on-chain to Uniswap wallet, and swap for whatever tokens I’m interested in.

So my question is…

Is it safe to then send these tokens to my cold wallets for storage, or is there a risk the tokens themselves when bought, and sent on-chain to a cold wallet could somehow drain the cold wallet?

Or is the only risk when I’m doing the actual swaps in Uniswap wallet?

I’m trying to understand the danger of malicious contracts and at what point they can steal your funds. My understanding so far is the risk is only there when doing the actual swap.

I use dexscreener to check tokensniffer score etc before doing any swaps but I just want to be extra careful here with what I’m doing.

Would really appreciate some input on this.