Do be aware that an autounattend.xml can cause Windows setup to execute arbitrary code. Their provenance matters too. It's relatively easy to encode scripts (or even binaries) into the XML to run during or after Windows setup. You can eyeball them, for sure, but I bet most people don't.

Indeed. I mention this in light of the high-profile supply-chain attacks recently across diverse platforms (Arch AUR, Shai-Hulud, etc). Any online tool that purports to modify an entire install medium should be heavily and continually scrutinised. I'm not saying the developer can't be trusted, but the infrastructure and people in general can't.