Relevant excerpts from Frequently Asked Questions | GrapheneOS
User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it.
GrapheneOS enables support for ending secondary user profile sessions after logging into them. It adds an end session button to the lockscreen and in the global action menu accessed by holding the power button. This fully purges the encryption keys and puts the profiles back at rest.
each of those profiles still ends up with a unique key encryption key and a compromise of the OS while one of them is active won’t leak the passphrase.
So… the answer is that if the OS is compromised and the other profile is locked, then the data is totally inaccessible. However, active profiles may be compromised.
There is no spyware publicly known to impact GrapheneOS.