
azure_analyze_storage_security

Identify security risks in Azure Storage accounts. Checks public access, firewall, encryption, SAS tokens, and immutability, delivering prioritized findings with risk levels.

Instructions

ENHANCED v1.14.0 Comprehensive storage security analysis. Checks: public blob access, firewall rules, encryption, secure transfer (HTTPS), private endpoints, minimum TLS version, SAS token security, immutable storage (WORM), lifecycle management. NEW: Detects overly permissive SAS tokens, tokens without expiry, validates retention policies for compliance (SEC 17a-4, FINRA). Returns prioritized security findings with risk levels (CRITICAL/HIGH/MEDIUM/LOW).

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| subscriptionId | Yes | Azure subscription ID | |
| resourceGroup | No | Optional: Filter by specific resource group | |
| scanSasTokens | No | Analyze stored access policies and SAS token security (default: true). Detects overly permissive scopes, tokens without expiry, IP restriction gaps. | |
| validateImmutability | No | Validate immutable storage (WORM) policies for compliance (default: false). Checks time-based retention, legal hold, policy modifications. | |
| deepSecurityScan | No | Enable all advanced checks including SAS tokens, immutability, lifecycle management (default: false). | |
| format | No | Output format: 'markdown' (default, human-readable) or 'json' (machine-readable) | |

Behavior: 3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions that the tool is a security analysis that returns findings, implying a read-only operation, but does not explicitly state safety or disclose any behavioral traits like auth requirements or rate limits. It adds context beyond the schema but is not deeply transparent.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single paragraph but uses bolding and bullet-like lists effectively. It is concise, covering key points without unnecessary fluff. Slightly dense but well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of the tool (multiple checks, advanced options) and no output schema, the description provides enough context: it lists checks, mentions risk levels, and notes new features. It could detail the output format more, but it is sufficient for an agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema covers all 6 parameters with descriptions (100% coverage). The tool description does not add significant new meaning beyond summarizing the checks; e.g., it mentions 'NEW: Detects overly permissive SAS tokens', which aligns with the scanSasTokens parameter. A baseline of 3 is appropriate, as the schema already documents the parameters well.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it is a 'Comprehensive storage security analysis' tool and lists specific checks including public blob access, firewall, encryption, SAS token security, and immutability. It distinguishes itself from sibling tools like azure_analyze_app_service_security by focusing on storage.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for storage security analysis but does not explicitly mention when to use this versus alternatives among the many sibling Azure analysis tools. It provides clear context but no exclusions or when-not guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/h4cd0c/stratos-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.