There are two scenarios, there is automation created by Citizen Developers and they will consume their automation individually. The second scenario is for Citizen Developers to promote and share their automation with others. This is the case where we would set up a governance model to ensure the processes developed by up to standard, and it should be reviewed and managed by the CoE after the publishing.
How do you recommend governing the release of Citizen Developer processes?
Maybe this article could help.
It goes over different control points necessary to create a safe citizen developer program.