Well, they are putting their own devices at risk by doing that. Are they attaching the files or sending a link to the PDF for download? An attached file would go through the systems of the social media site and get flagged if any concerns are detected. Do you see a preview of the file in the social media app?
A link however is more difficult to detect issues, this would be directly downloaded to your device and while unlikely to cause harm, it is possible.
Is there some reason these have to be shared via social media and not a more trusted share-space?
Other options would be:
1. Disable JavaScript on your PDF reader.
2. Don't allow your PDF reader to execute Non-PDF files using external application.
3. Keep Macros disabled. Malicious files may try persuade you to enable but you shouldn't unless necessary.