There is one single Trisquel repository (well, one per version, divided into
sections, and mirrored on other servers). It is managed by Trisquel
developers led by quidam (Rubén Rodríguez).
"Add/Remove applications" does not show all applications, only graphical
applications that a non-technical end user would want to install, which is
pretty subjective. I do not know who decides to show/hide an application in
"Add/Remove applications".
In contrast, all packages in Trisquel's repository can be installed through
the other interfaces: the "Synaptic package manager", 'apt-get', 'aptitude',
etc. All those packages should be free software. If not, Trisquel considers
the problem a critical issue.
If you install packages that are outside Trisquel's repository (in a PPA for
instance), then you are on your own: you need to check whether the provided
packages are free software. Note that a PPA that only ships free software
today may make you install proprietary software tomorrow, along with an
apparently insignificant update. They can even make you install malware! So,
yes, you need to trust whoever distributes the software.
To have a package enter Trisquel's repository, the best way is to get it into
Debian's. Ubuntu will then include it as well, and finally Trisquel.
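
An added example, not part of the original post: one way to check which installed packages, and which pending upgrades, come from outside the distribution's own archive, by parsing `apt-cache policy` output. The trusted host name, the PPA URL and the sample output are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Assumption: the only host trusted as the distribution's own archive.
TRUSTED_HOSTS = {"archive.trisquel.info"}
PKG = re.compile(r"^(\S+):$")
FIELD = re.compile(r"^  (Installed|Candidate): (\S+)$")
VERSION = re.compile(r"^ (?:\*\*\*|   ) (\S+) -?\d+$")
SOURCE = re.compile(r"^ {8}-?\d+ (\S+)")
# Constructed sample of `apt-cache policy hello sometool` output.
SAMPLE = """\
hello:
  Installed: 2.10-2
  Candidate: 2.10-2
  Version table:
 *** 2.10-2 500
        500 http://archive.trisquel.info/trisquel etiona/main amd64 Packages
        100 /var/lib/dpkg/status
sometool:
  Installed: 1.4-0ppa1
  Candidate: 1.5-0ppa1
  Version table:
     1.5-0ppa1 500
        500 http://ppa.launchpad.net/example/ppa/ubuntu bionic/main amd64 Packages
 *** 1.4-0ppa1 100
        100 /var/lib/dpkg/status
"""

def parse_policy(text):
    """Map package -> {"Installed", "Candidate", "hosts": {version: hosts}}."""
    pkgs, cur, ver = {}, {"hosts": {}}, None  # cur starts as a throwaway record
    for line in text.splitlines():
        if m := PKG.match(line):
            cur, ver = pkgs.setdefault(m.group(1), {"hosts": {}}), None
        elif m := FIELD.match(line):
            cur[m.group(1)] = m.group(2)
        elif m := VERSION.match(line):
            ver = cur["hosts"].setdefault(m.group(1), set())
        elif ver is not None and (m := SOURCE.match(line)):
            host = urlparse(m.group(1)).hostname  # None for /var/lib/dpkg/status
            ver.update({host} if host else ())
    return pkgs

def outside_trusted(text, trusted=TRUSTED_HOSTS):
    """Installed/candidate versions that no trusted host offers."""
    return [(name, field, info[field], sorted(info["hosts"].get(info[field], ())))
            for name, info in sorted(parse_policy(text).items())
            for field in ("Installed", "Candidate")
            if info.get(field, "(none)") != "(none)"
            and not info["hosts"].get(info[field], set()) & trusted]
```

A "Candidate" finding means the next upgrade of that package would be pulled from a source other than the trusted archive; an "Installed" finding with no hosts means the installed version is no longer offered by any configured source.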