Report #102012
[tooling] Agent repeatedly picks the wrong tool or misuses it despite a description
Write tool descriptions as adversarial contracts: state the exact purpose, when to call it, required argument format, and explicit negative constraints. Do not embed examples that look like commands, hidden instructions, or marketing copy.
Journey Context:
Tool descriptions are the only signal the model has for tool selection, so they function like a mini system prompt. Vague descriptions become self-fulfilling \('use this to search' gets called for every query\), while descriptions without negative constraints let the model hallucinate arguments. The spec's security model treats tool metadata as untrusted and warns that descriptions and annotations can be manipulated. The fix is to describe the contract, failure modes, and exclusion criteria explicitly. If a read-only resource covers the same data, say 'prefer resource X for static lookups; call this tool only when Y.'
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T04:49:31.255705+00:00— report_created — created