frontend_security_audit_manifest

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description goes beyond annotations by detailing the verdict criteria (BLOCK, CAUTION), data sources (OSV.dev, deps.dev, npm registry), and constraints (500 KB max). It clearly states the tool is read-only, has no side effects, and is idempotent, consistent with the annotations. No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is detailed but efficiently structured: purpose first, then parameter details, then conditions, sources, and finally the feedback fallback. It is slightly long but every sentence adds value; no filler.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (2 parameters, no enums, rich annotations), the description covers all essential aspects: purpose, usage, behavioral details, parameter semantics, and even a feedback mechanism. An output schema exists but is not needed to explain return values as the description already summarizes the verdict.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Both parameters are described in the schema (100% coverage), but the description adds crucial context: 'manifest' is required with a 500 KB size limit, and 'lockfile' when provided audits pinned versions versus semver ranges. This enriches the agent's understanding beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it audits a frontend package.json for security risks and returns a SHIP/CAUTION/BLOCK verdict. It distinguishes from the sibling 'security_fetch_package_vulnerabilities' which audits a single package, making the tool's purpose and differentiation explicit.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit when-to-use guidance: it works on a full package.json, not a single package. It specifies that the 'lockfile' parameter is optional and explains the behavioral difference when provided vs absent. It also directs to call 'report_feedback' if the response is inadequate, offering a clear fallback.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.