Even if you don’t have systems on the far side of the air gap infected, you can still e.g. steal private keys from their CPUs by analyzing EM or acoustic leakage. So in addition to an air gap, you need an EM gap (Faraday cage) and an acoustic gap (a room soundproofed for all the right frequencies).
In general, any physical channel that leaks information might be exploited.
Even if you don’t have systems on the far side of the air gap infected, you can still e.g. steal private keys from their CPUs by analyzing EM or acoustic leakage. So in addition to an air gap, you need an EM gap (Faraday cage) and an acoustic gap (a room soundproofed for all the right frequencies).
In general, any physical channel that leaks information might be exploited.