Yes, If you use our API forms or custom attributes, sanitizing and escaping are already included Fields - Developer Docs
For our part, we try to follow the best practices, and WordPress also prevents such attacks at its level. Also, please note that our code is open source on GitHub, so you can review it in more detail hivepress (HivePress) · GitHub