Bailian Subagent

The skill's instructions ask the agent to delegate work (including running DataWorks/MaxCompute SQL) to an external 'bailian' subagent and to supply cloud credentials in the task text, but the skill metadata does not declare those credentials or explain where the subagent runs — this mismatch and the advice to embed secrets are concerning.

This skill asks you to delegate work (including running SQL against DataWorks) to a 'bailian' subagent and explicitly tells you to put cloud credentials into the task text. Before installing, ask the publisher: (1) Where does the bailian subagent run and who controls it? (is it an external service, a hosted model, or local?) (2) How are credentials and task payloads transmitted and stored by the subagent? (encryption, retention, access control) (3) Why are there hardcoded project/resource IDs and is that your project? If you must use this, never paste long-lived production credentials into task text — use short-lived, least-privilege keys, or a proxy service that mediates access. If the publisher cannot answer these questions, or you cannot verify the subagent's operator/trustworthiness, do not use it for anything involving secrets or production data.