github_list_secret_scanning_alerts

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description bears full responsibility. It mentions routing through `/api/tools/invoke` with JWT scope, but that is technical infrastructure, not behavioral. It does not disclose that this is a read-only operation, any rate limits, pagination behavior, or required permissions beyond the generic routing note.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is short but includes unnecessary technical routing details that do not help the agent decide when or how to use the tool. The parameter description is generic. It could be more concise by focusing on purpose and expected arguments.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Although an output schema exists (so return values need not be described), the tool is a list operation that likely requires parameters like owner/repo. The description fails to specify that it lists alerts across repositories or a specific scope. It lacks essential context about prerequisites (e.g., GitHub Advanced Security) and does not communicate the scope of the listing.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The single parameter 'arguments' has 0% schema description coverage. The description says it is a 'JSON string of arguments for the connector operation', which adds only that it's JSON. It does not explain what fields are expected (e.g., owner, repo, state), their formats, or constraints. This is insufficient for a parameter with no schema documentation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description names the operation 'list_secret_scanning_alerts', clearly indicating it lists GitHub secret scanning alerts. However, it does not distinguish this tool from sibling tools like `github_list_code_scanning_alerts` or `github_list_dependabot_alerts`, which are similar list operations for different alert types.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It does not mention that this tool is specifically for secret scanning alerts, nor does it advise against using it for code scanning or Dependabot alerts. No usage context or exclusions are given.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.