  1. OpenShift Monitoring
  2. MON-1772

R&D Guard against heavy load through untrusted PromQL queries


    • Task
    • Resolution: Obsolete
    • Minor
    • Prometheus

      Scenarios exist where it would be handy to run untrusted PromQL queries. This has the potential to DoS the queried Prometheus instance by running very expensive queries.

      Prometheus has protections built in at the instance level (the -query.timeout and -query.max-samples CLI arguments). These arguments are currently passed to the Querier when Prometheus is started.
      It's not immediately obvious why this can't be a per-query limit, and this JIRA is intended to track investigations as to that.
      One major issue is likely how to provide a user interface to pass this limit.

            Unassigned
            jfajersk@redhat.com Jan Fajerski
            Votes: 10
            Watchers: 7

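One way to put a per-request budget in front of Prometheus, as an added example that is not part of the ticket or of Prometheus itself: a gateway-side check for untrusted /api/v1/query_range parameters that bounds expression length and step count and clamps the API's per-request timeout parameter. Budget, Guard and the limit values are hypothetical, and the sketch assumes start, end and step arrive as integer seconds.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// Budget is a hypothetical per-caller limit; the names are not Prometheus's.
type Budget struct {
	MaxTimeout  time.Duration // keep at or below the server-wide query timeout
	MaxPoints   int64         // evaluation steps allowed per range query
	MaxQueryLen int           // crude bound on expression size
}

// Guard checks an untrusted /api/v1/query_range form and returns the
// parameters to forward. Assumes start, end, step are integer seconds.
func Guard(in url.Values, b Budget) (url.Values, error) {
	q := in.Get("query")
	if q == "" || len(q) > b.MaxQueryLen {
		return nil, fmt.Errorf("query missing or longer than %d bytes", b.MaxQueryLen)
	}
	start, e1 := strconv.ParseInt(in.Get("start"), 10, 64)
	end, e2 := strconv.ParseInt(in.Get("end"), 10, 64)
	step, e3 := strconv.ParseInt(in.Get("step"), 10, 64)
	if e1 != nil || e2 != nil || e3 != nil || start < 0 || end < start || step <= 0 {
		return nil, fmt.Errorf("bad start/end/step")
	}
	if (end-start)/step >= b.MaxPoints { // division form cannot overflow
		return nil, fmt.Errorf("range exceeds %d steps", b.MaxPoints)
	}
	timeout := b.MaxTimeout
	if t, err := time.ParseDuration(in.Get("timeout")); err == nil && t > 0 && t < timeout {
		timeout = t // a caller may ask for less time, never more
	}
	out := url.Values{} // forward only the known keys
	for _, k := range []string{"query", "start", "end", "step"} {
		out.Set(k, in.Get(k))
	}
	out.Set("timeout", strconv.FormatFloat(timeout.Seconds(), 'f', -1, 64))
	return out, nil
}

func main() {
	in := url.Values{"query": {"sum(rate(http_requests_total[5m]))"}, // constructed
		"start": {"1700000000"}, "end": {"1700003600"}, "step": {"15"}, "timeout": {"10m"}}
	fmt.Println(Guard(in, Budget{30 * time.Second, 1000, 512}))
}
```

This limits evaluation time and resolution per request; it does not bound the samples a single expression loads, which the instance-level sample limit still has to cover.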