So far I get the impression that if a person uses up-to-date Tor Browser and doesn’t bring data from it to the outside world, they’re safe
I would say it depends, since there are also attacks outside the Tor-Browser.
So if you are targeted by a state level attacker, you should try TailOS instead of the normal Tor browser.