get_ai_summary_prompt

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description explicitly states that the server performs no LLM calls, a key behavioral trait. It also outlines the expected workflow (passing the prompt output to a report tool). With no annotations provided, this disclosure is critical and well-done.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences long, front-loaded with the core purpose, and contains no filler. Every sentence adds value, including the crucial note about no LLM calls.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given three parameters, no output schema, and no annotations, the description adequately explains the tool's function, return value (a prompt), and usage workflow. It could be slightly more specific about the prompt's structure, but it remains complete enough for an AI agent to use correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with good parameter descriptions. The description adds context by explaining each enum value's meaning and the scan_results parameter format, reinforcing the schema information. It provides additional clarity beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it returns a report-type-tailored prompt for AI security summaries, with explicit mention of no LLM calls. It distinguishes from sibling report-generation tools by focusing on prompt generation rather than direct report output.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

It specifies when to use (to make summaries specific to report type) and lists supported report types. It implies the workflow of passing generated text back to a report tool. However, it does not explicitly state when not to use or name alternative tools for direct report generation, but the context from sibling tools makes it clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.