By default, all VLANs on a trunk are trusted. You would "untrust" a VLAN on a trunk if you wanted wired users only on that wired VLAN to get a captive portal when that wired user traffic is coming into the controller, for example. 99% of the time it would be the default, which is trusted and passing traffic