detect_anomalous_findings

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description discloses the use of embeddings and baseline comparison, and explains the threshold effect. However, it omits details on side effects, authentication requirements, or performance impacts. Since annotations are absent, the description carries full burden but is only partially adequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is mostly concise, front-loading the core purpose. The docstring-style listing of args is efficient, though the mention of 'TPU-accelerated embeddings' adds minor fluff. Overall, every sentence contributes value.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given that an output schema exists, the description's mention of 'JSON with anomalous findings and analysis' is sufficient. The 3 parameters are explained, and the behavior is clear for a detection tool. Some details on the baseline selection or edge cases are missing but not critical.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Despite 0% schema description coverage, the description adds meaningful explanations for each parameter: 'Current scan' for scan_id, 'previous scan to compare against' for baseline_scan_id, and 'lower values = more anomalies' for threshold. This compensates well for the missing schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: detecting anomalous findings using TPU-accelerated embeddings and comparing against a baseline. It specifies the resource (security findings) and action (detect anomalies), distinguishing it from sibling tools like list_scans or prioritize_findings.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context (comparing scans for anomalies) but does not explicitly state when to use this tool versus alternatives, nor does it provide when-not-to-use scenarios or prerequisites.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.