Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description bears full responsibility for behavioral disclosure. It only states the tool executes a SELECT query, but does not explicitly confirm it is read-only, mention permission requirements, error handling, or the effect of malformed queries. The implied read-only nature is not sufficient.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.