azure_analyze_attack_paths

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description discloses that the tool returns exploitation scenarios with step-by-step chains, but does not explicitly state read-only nature, rate limits, or authorization requirements. Annotations are empty, so description carries the burden; it adds some behavioral context but could be more explicit about safety.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise, front-loaded with purpose, and every sentence adds value. No unnecessary words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite no output schema, the description explains the tool returns exploitation scenarios with step-by-step chains, which is sufficient for an analysis tool. It covers the types of attack paths analyzed. Missing guidance on output structure but adequate given complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so the schema already documents all parameters. The description adds overall context but does not enhance individual parameter understanding beyond what the schema provides. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool identifies and maps attack paths from public exposure to sensitive resources, listing specific analysis types (privilege escalation, lateral movement, etc.). This distinguishes it from sibling tools that analyze individual resources or configurations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this tool versus alternatives. Siblings include many analysis tools for specific Azure components, but the description does not mention scenarios where attack path analysis is preferred or when to use other tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.