Right, and you authenticated it how?
If it should be from a known, reliable HTTPS webpage, the risk would be similar to the install of an Firefox add-on. Assumed there should be no virus that detects downloaded Debian packages on Windows machines, to add malicious binaries to the packge.
"dpkg -i doubtfulpackage.deb"
No risk, no fun! Have fun, Ralf