Author here. There's no AI-generated code in this. But yes, security hardening this has not been a priority of mine (though I do have some ideas about fuzz testing it), so for now - like with many small libraries of this nature - it's convenient but best used only with trusted inputs if that's a concern.

A lot of risks compared to what? I imagine bugs in kernel drivers or disk utilities be riskier.

Such as?