See reviews. More reviews - less risk. Well, by and large, the risk is always present. You can find a freelancer from your city and transfer the data to him in person, you can even conclude an agreement.

Some of my clients prefer to work with GIT repositories/version control (eg Bitbucket ). For small projects, it's free and safe. I make corrections, and the customer sees what exactly I changed and in which files. In your case, a third-party developer will pick only CSS, and will not make edits in other files - because he knows that you see every change. And you yourself place the already debugged code on the main site. Yes, and many questions disappear, did it work, did it, who exactly did it, and of course "who is to blame" :)

See reputation. A dude making 250k a month won't paste a link that pays 2 cents per click.

You can also compare files before and after. And see the differences - what kind of code is there.

studio agreement.

They say right - look at the reviews and trust. Otherwise, it doesn't matter.
There is a paranoid option - to make a complete copy of the site, give access to it - let him do everything there. Then find a security specialist and ask him to test the site for changes.

Yolki are sticks. No one in their right mind gives access to production to just anyone. For such tasks, there are version control systems and staging. If it's super complicated - you give the freelancer a database dump and a copy of the site (or a link and rights to a Git turnip), he deploys a development copy, makes edits, commits to Git / sends you an archive / shows it on his server. After the work is approved, transfer the edits to yourself.