ai-elements
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches audio samples and configuration data from Vercel's official storage domains (e.g.,
vercel-storage.com). This is documented inscripts/audio-player.tsxandreferences/voice-selector.mdas standard behavior for a component library and is considered safe. - [DYNAMIC_EXECUTION]: Includes the
JSXPreviewcomponent which usesreact-jsx-parserto dynamically render JSX strings (references/jsx-preview.md). While this interprets string-based code, it is the primary function of the component intended for AI UI generation and uses a parser rather than arbitraryeval(). - [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. All network requests observed in the scripts (e.g.,
scripts/audio-player.tsx) are directed towards trusted infrastructure for media assets or well-known documentation sites. - [SAFE]: The skill follows security best practices for secret management as seen in
references/integration.mdby recommending the use of environment variables (.env.local) for API keys rather than hardcoding them.
Audit Metadata