db_execute

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden and does so effectively. It discloses key behavioral traits: the tool's dependency on safety modes, restrictions on destructive operations (DROP/TRUNCATE), and the need for a confirmation_token in admin mode. This covers permissions, constraints, and workflow details, though it could mention error handling or transaction behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded, starting with the core purpose and immediately following with detailed safety mode guidelines. Every sentence earns its place by providing essential operational context without redundancy, making it efficient and well-structured for quick comprehension.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (database mutations with safety modes), no annotations, 0% schema coverage, but an output schema exists, the description is mostly complete. It covers purpose, usage, and key behaviors but lacks details on parameters like connection_id and sql. The output schema likely handles return values, so this gap is acceptable, though some parameter context would enhance completeness.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It explains the confirmation_token's role in admin mode for destructive operations, adding meaning beyond the schema. However, it doesn't clarify connection_id (e.g., what it references) or sql (e.g., format or validation), leaving two of three parameters with minimal semantic context. The partial compensation justifies a baseline score.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool executes INSERT/UPDATE/DELETE statements, providing a specific verb (execute) and resource (database statements). It distinguishes from siblings like db_query (likely for SELECT) and db_explain (for query analysis), though not by explicit naming. The purpose is well-defined but could be more explicit about sibling differentiation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit usage guidelines by detailing when to use based on safety modes: read-only (rejects writes), write (allows INSERT/UPDATE/DELETE, blocks DROP/TRUNCATE), and admin (allows everything with confirmation_token). It implicitly contrasts with db_query for read operations and references safety mode tools, offering clear context for when and how to invoke this tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.