endpoint_vulnerability_filter

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must carry full burden. It discloses the HTTP method and return type but does not mention rate limits, authentication, side effects, or response format. The list of allowed values adds some transparency, but overall lacks depth for a POST endpoint.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single string that front-loads the purpose, method, and path, then lists required parameters and allowed values. The large list of allowed values is necessary but makes it lengthy. It is efficient and packs essential info, though could be better structured (e.g., bullet points).

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 10 parameters, no output schema, and no annotations, the description covers purpose, required params, and allowed values. It does not explain the body parameter, sorting, pagination, or response format. Adequate for basic use but lacks completeness for a complex filtering tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with basic descriptions. The description adds value by listing required parameters (q, from, size) and enumerating all allowed values for analyticsEventAction, which is not in the schema. However, note the schema marks these as optional (default null), so the 'required' claim may be inconsistent.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states that the tool returns events, provides the HTTP method POST and path /endpointVulnerability/filter, and lists required parameters and allowed values for analyticsEventAction. This is specific and distinct from sibling tools like endpoint_vulnerability_count.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description mentions required parameters (q, from, size) and allowed values for analyticsEventAction, but does not explicitly guide when to use this tool versus alternatives like endpoint_vulnerability_count. The context is clear but lacks exclusions or comparative guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.