For the CTP (Cracking the Perimeter) course, most if not all of the exploits are available at the Exploit-DB or Metasploit, and yes, all of them are manually added, some are verified, and therefore it's hard for backdoors to slip by the EDB Crew. :)
Those that are verified are almost guaranteed to definitely not contain backdoors. In general, using code from The Exploit Database is safe, compared to other sites where malicious script kiddies and blackhats operate, where the actual site could host exploit kits, and the actual exploits, tools, etc., could contain backdoors / trojans.
Keep in mind The Exploit Database is hosted by (kind of like a subsidiary of) Offensive Security, so it's professionals, freelancers and enthusiasts with good intentions that host the database, check the submitted exploits, etc., so you won't find many other sites like that, where you know you can trust the people behind them.
You are right that some exploitation vectors, including proofs of concept (actual exploit code), may need to be adjusted to fit the scenario(s), just like a real pentest, but when you use e.g., PoCs with premade shellcode, always check what it does with e.g., disassembly, before running it.
Most PoCs use Metasploit shellcode, and eventually, if not already, you'll be able to spot a Metasploit payload from miles away just by looking at the beginning of the shellcode. Keep in mind that even the Metasploit project could at some point get infected (unlikely but not impossible), and whenever someone used the program they could potentially become victims of backdoors. This site you're browsing could get compromised too and host unknown exploit kits that use 0days, so trust is quite relative on the Internet :)
Therefore, always be careful with what you run, especially from sites you don't know if you can trust. If the PoCs are only available in executable format (PE or ELF), you should of course always be careful ;) When the source is available, try to read through the source and identify any bad code, or introduced errors to prevent abuse by e.g., script kiddies. (This is quite common in some PoCs.)
As you say, you're sceptical about using code from third-party sites and you wouldn't have thought the course would encourage using these, but the thing is, The Exploit Database, BackTrack, and Offensive Security are under the same roof, so none of them are third party to each other. They are, in essence, one.
You are right that some students may not be able to review and fully understand the exploit code / PoC they are using during e.g., PWB, but CTP students should be able to.
I've never heard of a student from Offensive Security having any malware problems with the PoCs they've used from e.g., The Exploit Database though, so if people stick to this site, I think they'll be safe for the moment. The PoCs on Exploit-DB that work with the OffSec labs have probably been reviewed by themselves, so they know that yes, there's a PoC on Exploit-DB and it works as intended. :)
I hope my feedback helped answer your questions ;)
I'm an InterN0T'er
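
The check recommended in the post above (look at a PoC's premade shellcode before running it), as an added example that is not part of the original post: it rebuilds the `\xNN` byte buffers from PoC source text so they can be hashed, searched for readable strings, and written out for a disassembler. The function names and the sample PoC are constructed for illustration.

```python
import hashlib
import re

# One or more consecutive \xNN escapes, as they appear in PoC source text.
ESCAPE_RUN = re.compile(r"(?:\\x[0-9a-fA-F]{2})+")
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

def extract_buffers(source: str, min_len: int = 8) -> list[bytes]:
    """Return byte buffers rebuilt from \\xNN escapes in string literals.

    Literals on consecutive lines (the usual PoC layout) are joined into
    one buffer; a line without any escapes ends the current buffer.
    """
    buffers, current = [], bytearray()
    for line in source.splitlines():
        runs = ESCAPE_RUN.findall(line)
        if runs:
            for run in runs:
                current += bytes.fromhex(run.replace("\\x", ""))
        elif current:
            buffers.append(bytes(current))
            current = bytearray()
    if current:
        buffers.append(bytes(current))
    return [b for b in buffers if len(b) >= min_len]

def summarize(buf: bytes) -> dict:
    """Facts worth checking before the buffer is ever executed."""
    return {
        "length": len(buf),
        "sha256": hashlib.sha256(buf).hexdigest(),
        "strings": [m.decode("ascii") for m in PRINTABLE.findall(buf)],
    }

# Constructed sample: NOP/INT3 filler around an ASCII string, not a real payload.
SAMPLE_POC = r'''
junk = "A" * 260
shellcode = ("\x90\x90\x90\x90\x2f\x62\x69\x6e"
             "\x2f\x73\x68\x00\xcc\xcc\xcc\xcc")
payload = junk + shellcode
'''

if __name__ == "__main__":
    for i, buf in enumerate(extract_buffers(SAMPLE_POC)):
        print(i, summarize(buf))
        with open(f"buffer_{i}.bin", "wb") as fh:  # feed this file to a disassembler
            fh.write(buf)
```

Embedded strings such as commands, hostnames or file paths that the PoC's description does not mention are a reason to read the disassembly in full before the code goes anywhere near a lab machine.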