d3fend_defense_lookup

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, so the description doesn't need to state safety. It adds value by detailing rate limits (30/hr free, 500/hr Pro), error behavior (404 on missing slug), and the specific response fields including attack_techniques. This goes beyond what annotations provide.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single paragraph that front-loads the core purpose. It efficiently packs domain context, usage hint, error handling, and response structure without overly verbose language. A minor improvement could be explicit separation of sections, but it remains concise and readable.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the simple input (one required string param) and the presence of annotations and output schema description, the tool description is fully self-contained. It explains the D3FEND framework, the response fields, the relationship to ATT&CK, and error conditions, leaving no ambiguity for an AI agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% coverage with a detailed description including format (CamelCase slug) and examples. The tool description reinforces the purpose of the parameter and the expected usage context. This adds meaningful context beyond the schema alone.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool 'looks up a MITRE D3FEND defense technique' and explains D3FEND's role as the defensive counterpart to ATT&CK with specific tactics and artifacts. It distinguishes itself from siblings like d3fend_defense_search by stating it provides the full record + ATT&CK chain after search.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly says 'Use after d3fend_defense_search for the full record + ATT&CK chain', providing clear context for when to use. It also explains the 404 error case when the slug is not found. While it doesn't list exclusion scenarios, the guidance is actionable.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.