Risks of signing?

So I feel I do more and more signing with L2 and OpenSea and other services where you are not directly transacting. I'd like to understand the risks involved.

I think I've understood there to be a risk of signing something that is a cleverly composed transaction, allowing the attacker to steal funds. Is this correct? How do you identify it?

I've at least seen these types of signing: * what appears to be base64 * what appears to be JSON * what appears to be byte data

How can I feel safe, and what risks am I facing? Thanks for any insight!