aired-artifact
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several bash scripts (init-artifact.sh, bundle-artifact.sh, publish-artifact.sh) to manage the project lifecycle. These scripts perform standard file system operations, project configuration using sed, and invoke development tools like npm, npx, and the aired CLI tool.
- [EXTERNAL_DOWNLOADS]: The skill downloads a comprehensive set of frontend development dependencies from the npm registry to set up the React environment. This includes framework libraries (React), styling tools (Tailwind), and UI component libraries (Radix UI, shadcn/ui). It also fetches fonts from the Google Fonts CDN.
- [DATA_EXFILTRATION]: The skill uploads the generated single-file HTML bundle to the aired.sh service using the aired CLI. While this involves sending data to an external domain, it is the primary intended function of the skill and is clearly communicated in the documentation. The destination domain belongs to the vendor's ecosystem.
Audit Metadata