Once you install non-standard repos, all kinds of horrible things can happen, including not being correctly patched for security. You could, however, carefully check the specific dependencies of the package that you’re interested in, and decide if it’s completely standalone or if it will clash. In addition to this, check the licensing and make sure everything you install is 100% open source.
and the files in /etc/yum.repos.d - links in there will list mirrors but you can change the links etc.
The variables used in those files are typically taken from files in /etc/dnf/vars of the same name, so for instance echo '8.5' > /etc/dnf/vars/releasever would override the default value for $releasever (adding entries in /etc/dnf/dnf.conf doesn’t seem to have an effect). View the current values with dnf config-manager --dump-variables
Also see rpm and dnf man pages for dependency info.
For 1, I don’t think that there is any priority by default. Yum had a priority plugin, but I can’t say whether that was reliable, nor is it there for dnf. Some plugins might protect the base repos. The preferred approach is to not use (multiple) repos that provide “same features”.
For 2, again, the source repo of the currently installed package is not used.
However, 2c, you can add exclude=xyz* into the section of a repo in order to exclude “xyz*” packages from that repo.
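
An added example, not written by anyone in this thread: a small Python audit of a .repo file that expands variables the way the /etc/dnf/vars files supply them and reports each repo's exclude patterns. The sample repo text, the example.invalid URLs and the function names are constructed for illustration.

```python
import configparser
import fnmatch
import re
from pathlib import Path

# Constructed sample in the layout of a file under /etc/yum.repos.d
SAMPLE_REPO = """\
[baseos]
name=Base $releasever
mirrorlist=https://mirrors.example.invalid/mirrorlist?repo=BaseOS-$releasever
enabled=1

[thirdparty]
name=Third party
baseurl=https://repo.example.invalid/el$releasever/
enabled=1
exclude=xyz*
"""

def load_vars(vars_dir="/etc/dnf/vars"):
    """Read one variable per file, e.g. /etc/dnf/vars/releasever."""
    d = Path(vars_dir)
    if not d.is_dir():
        return {}
    return {f.name: f.read_text().strip() for f in d.iterdir() if f.is_file()}

def expand(value, variables):
    """Substitute $name or ${name}; unknown variables stay visible."""
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: variables.get(m.group(1), m.group(0)), value)

def audit_repos(repo_text, variables):
    """Return one summary dict per [section] of a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(repo_text)
    out = []
    for repo_id in cp.sections():
        s = cp[repo_id]
        # dnf documents the option as excludepkgs; exclude is the older name
        raw = s.get("excludepkgs", "") + " " + s.get("exclude", "")
        src = s.get("baseurl") or s.get("mirrorlist") or s.get("metalink") or ""
        out.append({"id": repo_id,
                    "enabled": s.getboolean("enabled", fallback=True),
                    "source": expand(src, variables),
                    "exclude": [p for p in re.split(r"[,\s]+", raw) if p]})
    return out

def is_excluded(package, repo):
    """True if the repo's exclude globs hide this package name."""
    return any(fnmatch.fnmatchcase(package, pat) for pat in repo["exclude"])
```

On a real host, pass the text of each file in /etc/yum.repos.d together with load_vars(); $releasever normally comes from the installed release package when no vars file overrides it, so supply it explicitly in that case.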