No concrete evidence can be found, because all procedures are internal and hidden from plain sight, except for Mozilla, but even there not everything is viewable. (SalesForce database - I think - is not viewable for individuals) However, I can see that commercial CAs are trying to stop ISRG Root from being trusted: Actually, there is evidence here: This post: Letsencrypt's validity duration affecting SE ranking? - #5 by CvP
Clarify that LE's intention is not to check whether malicious content is delivered at all, but whether the Subscriber owns and fully controls the domain name. And that exactly this is the purpose of DV certificates. Nothing more, nothing less.