NextDNS never unblocks false positives in their Threat Intelligence Feeds and AI-Driven Threat Detection, you can easily find this out by searching "false positive" in their forum and you will be able to see false positives hasn't been unblocked even after years. I think it would be better to make users use OISD with hagezi instead of enabling Nextdns TIF and AI threat detection.

Also, google safebrowsing wasn't meant to be used as a DNS-level blocker and from my observation sometimes cause issues with cname because google safebrowsing thinks cname domains operated by actual owners are scam domains impersonating real ones. It also takes them months to remove a false positive. In my option it is better to leave this disabled and use the browsers built-in safebrowsing