Bailian Subagent Skill

Security checks across malware telemetry and agentic risk

Overview

The skill openly delegates work to Bailian and writes memory to MaxCompute, but it hardcodes an external project and gives broad guidance for long-lived writes made with cloud credentials.

Use this only if you intend to use Bailian/Alibaba Cloud and you trust or control the `samuelhsin` MaxCompute project. Use a least-privilege AliCloud account, do not store secrets or personal data in `agent_memory`, and require explicit approval before delegating sensitive documents or writing long-term memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 85%

Finding:
The delegation trigger 'Any task estimated >2000 tokens' is overly broad and can cause the agent to send large amounts of user content to an external subagent service without clear necessity, data classification, or user consent. In this skill, that risk is amplified because delegated tasks may include sensitive documents, web content, and database operations, increasing the chance of unnecessary data exposure to a secondary runtime.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding:
The skill advertises read/write CRUD access to a long-term memory table but does not warn that data may be persisted for 3650 days or that writes can alter durable state. This is dangerous because users or downstream agents may store sensitive, incorrect, or unwanted information in persistent storage without informed consent or retention controls.

VirusTotal

No VirusTotal findings