Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so the description carries full burden. It adds behavioral context by specifying the analysis includes AST parsing, function extraction, and vulnerability detection, which is useful and implies a read-only operation. However, it does not disclose side effects, permissions, or output format.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.