Open Core locks important part of a product away behind a proprietary license. If you build on it you need to hope that the company will hang around. If it ever goes away you have to hope that they do the right thing a relicense it.
Whether that part is important depends on how you use that product. A lot of open core models specifically target enterprise users with their premium features.
Likewise, the risk only applies to the premium feature set. If those are that crucial to your operation, you would assess that risk more or less in the same way that you assess a proprietary product - because that is what it is.
For example, if all the security features are essential to your work and you pay for the ultimate version, then Gitlab is more or less a closed source product for you. However, if you are a big company and use self-hosted free version of gitlab to have a cheap inner source hosting for all employees, then it is exactly as if you use an open source product.
There are more nuances of course in a real assessment, but basically the open part is open source and the closed part is proprietary. Very simple.
