azure_analyze_application_gateway

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations exist, so the description carries the full burden. It describes the analysis and identification of misconfigurations, which implies a read-only operation, but it does not explicitly state that the tool is non-destructive or mention required permissions (e.g., Reader role). The description adds context about security risks (WAF bypass, MitM) but lacks a clear safety disclaimer.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, well-structured paragraph that front-loads the tool's purpose. Each sentence adds specific value (lists checks, states security implications). No redundant or filler words. Appropriate length for the tool's scope.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity as a security analyzer, the description covers the main functionality (WAF checks, SSL, routing rules) and identifies misconfigurations. Schema provides full parameter coverage. No output schema exists, so lack of return value description is acceptable. However, adding a sample report format or noting that results are presented in the specified 'format' would increase completeness.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 100% coverage with descriptions for all 3 parameters (subscriptionId, resourceGroup, format). The description does not add additional meaning beyond the schema, so it meets the baseline. No deeper parameter context (e.g., behavior when resourceGroup omitted) is provided.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description specifically states it analyzes Azure Application Gateway and WAF security configuration, listing concrete checks like WAF mode, OWASP rule set, SSL/TLS policy, etc. This distinguishes it clearly from sibling tools that focus on other Azure services (e.g., app service, NSG rules). The verb 'analyze' and resource 'Application Gateway' are clear.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for security auditing but does not explicitly state when to use this tool versus alternatives like azure_analyze_nsg_rules or azure_analyze_keyvault_security. No when-not-to-use guidance or prerequisites are mentioned, leaving the agent to infer from context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.