Security risks using outdated android

Hey guys, in my previous post I briefly mentioned using kali nethunter on a nothing phone 1. When I set it up and flashed it with magisk it was running nothing os 2/android 13, but for some reason magisk never created a stock backup image and I can’t follow the official ota update guide using the a/b partitions, so it’s just stuck on a13 for the time being. I still get the play system security updates and app updates (i only enable the play store long enough to apply necessary security updates and then I disable all the google bloatware again).

I’ve found that I really like nothing os and I’ve been debating spinning up an esim to use in it so I can test drive it as a normal phone while I’m out at work or doing errands and stuff like that. Initially I just left the cellular data off and relegated it to wifi-only in my apartment purely for nethunter use, but I’d like to be able to use it on cellular data for streaming music, browsing, navigation, etc. Aside from the nethunter apps, the only other apps I have on it right now are mulch, clipious, molly, and rimusic; for app stores I have accrescent and the divest f droid repo (i don’t use the official f droid repo)

So if I stick to trusted repos, use minimal apps, keep personal/sensitive info off the device and keep up with app/play security updates with general common sense opsec is there any real critical security risk using it for normal phone stuff? I know android 13 isn’t super outdated but I’m used to the bleeding edge life and anything outdated makes me nervous.

And just for general reassurance, no I will absolutely not be using any of the kali stuff outside my place, that’s purely for my own educational purposes on my own home network.