They could at least give some "trusted" users the ability to quarantine games, to shorten the exposure from the start of a report to the time staff reads the report.
And they do not even have to tell those users nor trust them. If you make a report while being logged in, they know who made the report. They could easily have a running average statistic about the quality of those reports. There is subcategories for reports and a malware category was introduced, so even that can be sorted accordingly.
So even if that user has a crappy ratio of 1 false report in 5, I would rather have 4 malwares being quarantined immediatly and 1 legit game queued for staff inspection than all 5 being visible, despite a user noticing that there is suspicous activity.
Oh, and there are legit games in quarantine all the time. What is more important? Protecting the users that think itch is a respectable site that hosts no malware or protecting the few games that get reported in error from being quarantined for a few days, till the misunderstanding clears. It might be a bad experiecne for a new developer to be quarantined, but I believe the experience of being hacked is far worse.
The issues is as follows: too few users checking out games to begin with. The scammers face the same problem as all the indie devs. Getting people to download the project. So if real developers barely get some downloads let alone ratings or comments, the time bombs uploaded by the criminals have it equally hard. So reports on malware should be treated with that in mind. I saw a year old project where people openly talked about the scam being a scam, but none of those people apparantly found the report button at the bottom or bothered to report.