Yes, it's a canvas library, there's a lot of risks of including AI generated code that hasn't been checked in a rasterizing library.

Author here. There's no AI-generated code in this. But yes, security hardening this has not been a priority of mine (though I do have some ideas about fuzz testing it), so for now - like with many small libraries of this nature - it's convenient but best used only with trusted inputs if that's a concern.

A lot of risks compared to what? I imagine bugs in kernel drivers or disk utilities be riskier.

Such as?

Yes.