Understanding skills, hooks, and lifecycle automation
Understanding skills, hooks, and lifecycle automation
Most of Copilotβs customization stack works through natural language β you write Markdown instructions, and the model interprets them. This works well for guidance, standards, and workflows. But some situations need more.
Agent Skills bundle templates, scripts, and examples alongside instructions, creating portable capabilities that work across VS Code, CLI, and the GitHub Coding Agent. Agent Hooks run your code at lifecycle points during agent sessions, providing deterministic enforcement that doesnβt depend on model interpretation.
Together, skills and hooks fill the gap between βsuggesting the model do somethingβ and βguaranteeing it happens.β This article explains what each mechanism is, how they work conceptually, how they complement each other, and when to choose one over the other.
Table of contents
- π― Beyond natural language guidance
- π¦ Agent Skills: portable, resource-rich capabilities
- πͺ Agent Hooks: deterministic lifecycle automation
- π How skills and hooks complement each other
- β Decision framework: skills vs. hooks vs. other types
- β οΈ Current limitations
- π― Conclusion
- π References
π― Beyond natural language guidance
Every customization type in the Copilot stack has a fundamental limitation: it relies on the model to interpret and follow instructions. Instruction files say βuse camelCaseβ β but the model might occasionally use snake_case anyway. Agent files say βdonβt edit filesβ β but tool restrictions are the only hard guarantee, and even those depend on how the model reasons about tool selection.
Skills and hooks address this limitation from two different angles:
| Mechanism | What it provides | Guarantee level |
|---|---|---|
| Skills | Rich resources (templates, scripts, examples) alongside instructions | Medium β the model still interprets, but with concrete reference material |
| Hooks | Shell commands that execute at lifecycle events | High β your code runs deterministically, regardless of model behavior |
π¦ Agent Skills: portable, resource-rich capabilities
A skill is a folder containing a SKILL.md file plus optional resources (templates, scripts, examples). Unlike instruction files that provide rules, or prompt files that provide workflows, skills provide capabilities β complete packages that include both the instructions and the materials needed to execute them.
How skills differ from other types
| Aspect | Skills | Instructions | Prompts | Agents |
|---|---|---|---|---|
| File | SKILL.md in a directory |
.instructions.md |
.prompt.md |
.agent.md |
| Activation | Automatic (description matches your prompt) | Automatic (file pattern) | On-demand (/command) |
Agent picker |
| Resources | β Templates, scripts, examples | β None | β None | β None |
| Cross-platform | β VS Code, CLI, coding agent | β οΈ VS Code + GitHub.com | β VS Code only | β VS Code only |
| Tool control | β Limited | β None | β Full | β Full |
| Standard | Open (agentskills.io) | VS Code-specific | VS Code-specific | VS Code-specific |
The critical differentiator is resources. A skill doesnβt just say βcreate a test file following our patterns.β It says βcreate a test file using this templateβ β and includes the actual template. The model doesnβt have to guess what βour patternsβ look like; it has a concrete example to follow.
The progressive disclosure system
Skills use a three-level loading system to minimize context consumption:
Level 1: DISCOVERY (Always loaded)
βββ name: "webapp-testing"
βββ description: "Automated testing workflow for web apps..."
(~50-100 tokens per skill)
β
βΌ (When your prompt matches the description)
Level 2: INSTRUCTIONS (Loaded on match)
βββ SKILL.md body content
(~500-1500 tokens)
β
βΌ (When Copilot references a specific resource)
Level 3: RESOURCES (Loaded on demand)
βββ templates/component.test.js
βββ examples/login-form-tests.js
βββ scripts/setup-test-env.sh
(Loaded only when explicitly needed)This design means that having 20 skills in your repository costs only ~2,000 tokens at Level 1 (just names and descriptions). The full content loads only when relevant β a significant advantage over instruction files, which inject their full content into every matching request.
Skill structure
A typical skill folder:
.github/skills/webapp-testing/
βββ SKILL.md # Required: instructions + metadata
βββ templates/ # Optional: reusable templates
β βββ component.test.js
βββ examples/ # Optional: real-world examples
β βββ login-form-tests.js
βββ scripts/ # Optional: automation scripts
βββ setup-test-env.shThe SKILL.md file has YAML frontmatter with name and description (both required), followed by instructions in the body:
---
name: webapp-testing
description: >
Generate test suites for React components using Jest.
Use when writing tests, debugging failures, or setting up test infrastructure.
---
# Web Application Testing Skill
## Purpose
Generate comprehensive test suites following team conventions.
## When to use
- Writing new component tests
- Debugging test failures
- Setting up test infrastructure
## Workflow
1. Analyze the component's props and state
2. Generate test file using [test template](./templates/component.test.js)
3. Run tests to verify coverageWhen to use skills
- Cross-platform workflows β tasks that should work the same in VS Code, CLI, and the coding agent
- Template-driven tasks β code generation, scaffolding, migration where concrete templates improve consistency
- Community sharing β open standard means skills work across tools
- Resource-heavy workflows β tasks that need reference files, scripts, or examples alongside instructions
πͺ Agent Hooks: deterministic lifecycle automation
Agent hooks are JSON-configured shell commands that execute at specific lifecycle points during agent sessions. Unlike every other customization type (which influences the model through natural language), hooks run your code β deterministically, with guaranteed outcomes.
Why determinism matters
Consider this scenario: your instruction file says βalways run the linter after editing a file.β The model usually follows this β but sometimes it doesnβt. It forgets, or it decides the linter isnβt relevant for βjust a small change,β or it runs the linter but ignores the results.
A hook configured on the PostToolUse event runs your linter script every time a file is modified. The model doesnβt choose whether to run it. Your code executes automatically.
The eight lifecycle events
Hooks fire at specific points during agent sessions:
| Event | When it fires | Common use cases |
|---|---|---|
SessionStart |
First prompt of a new session | Initialize resources, inject project context |
UserPromptSubmit |
User submits a prompt | Audit requests, inject system context |
PreToolUse |
Before agent invokes any tool | Block dangerous operations, modify tool input |
PostToolUse |
After tool completes successfully | Run formatters, linters, log results |
PreCompact |
Before context compaction | Export important context, save state |
SubagentStart |
Subagent is spawned | Track nested agent usage |
SubagentStop |
Subagent completes | Aggregate results, clean up |
Stop |
Agent session ends | Generate reports, send notifications |
How hooks work
Hooks receive structured JSON via stdin and can return JSON via stdout. The PreToolUse event is particularly powerful because it can block tool execution or modify tool inputs:
Agent wants to run a terminal command
β
βΌ
βββββββββββββββββββββββββββββββ
β PreToolUse hook fires β
β Receives: tool name, args β
β β
β Hook script evaluates: β
β ββ Contains "rm -rf"? β
β β β Return: BLOCK β
β ββ Contains "DROP TABLE"? β
β β β Return: BLOCK β
β ββ Otherwise β
β β Return: ALLOW β
βββββββββββββββββββββββββββββββ
β
βΌ
Tool executes (or is blocked)Hook configuration
Hooks are configured in JSON files stored in .github/hooks/:
{
"hooks": {
"PreToolUse": [
{
"type": "command",
"command": "./scripts/validate-tool.sh",
"timeout": 15
}
],
"PostToolUse": [
{
"type": "command",
"command": "npx prettier --write \"$TOOL_INPUT_FILE_PATH\""
}
]
}
}Hook characteristics
| Aspect | Description |
|---|---|
| Deterministic | β Runs your code, not the modelβs interpretation |
| Can block execution | β
PreToolUse can prevent dangerous operations |
| Can modify input | β Hooks can alter tool parameters before execution |
| Cross-compatible | β Same format as Claude Code and Copilot CLI |
| Execution contexts | Works across local, background, and cloud agents |
When to use hooks
- Security enforcement β block dangerous commands, prevent file deletion, restrict access
- Code quality automation β run formatters and linters automatically after edits
- Audit trails β log every tool invocation for compliance and debugging
- Context injection β add project metadata, environment details, or branch info at session start
- Approval control β auto-approve safe operations, require confirmation for sensitive ones
- Subagent governance β track and constrain nested agent usage
π How skills and hooks complement each other
Skills and hooks address different aspects of the same problem: making Copilotβs behavior more reliable. Theyβre complementary, not competing:
| Aspect | Skills provide | Hooks provide |
|---|---|---|
| Content | Reference material (templates, examples, scripts) | Execution automation (shell commands at lifecycle points) |
| Reliability | Improved accuracy through concrete examples | Guaranteed execution through deterministic code |
| Scope | Task-specific capabilities | Session-wide policies |
| Language | Markdown (interpreted by model) | Shell commands (executed by system) |
When to combine them
Skills and hooks work best together in scenarios that need both guidance and enforcement:
Skill: βGenerate tests using our team templateβ
Hook:
PostToolUseruns the test suite after every file creationSkill: βCreate database migrations following our naming conventionβ
Hook:
PreToolUsevalidates migration file names before write operationsSkill: βScaffold new API endpoints using our patternsβ
Hook:
PostToolUseruns the linter and formatter on every created file
β Decision framework: skills vs. hooks vs. other types
What are you trying to accomplsh?
β
ββ "I need the model to follow a workflow with templates"
β ββ β Skill (SKILL.md + resources)
β
ββ "I need to guarantee something happens at a lifecycle point"
β ββ β Hook (.github/hooks/*.json)
β
ββ "I need persistent coding standards"
β ββ β Instruction file (.instructions.md)
β
ββ "I need a specialized AI persona with tool restrictions"
β ββ β Agent (.agent.md)
β
ββ "I need a one-time reusable workflow"
β ββ β Prompt file (.prompt.md)
β
ββ "I need both guidance AND enforcement"
ββ β Skill + Hook (combine both)Quick comparison table
| Need | Best mechanism | Why |
|---|---|---|
| Block dangerous commands | Hook (PreToolUse) |
Deterministic β canβt be bypassed |
| Auto-format after edits | Hook (PostToolUse) |
Guaranteed execution, not model judgment |
| Generate tests from template | Skill | Provides the actual template, not just instructions |
| Enforce naming conventions | Instruction file | Pattern-based, always active for matching files |
| Define a security reviewer persona | Agent | Identity override with tool restrictions |
| Run a code review workflow | Prompt file | On-demand task with tool control |
| Cross-platform scaffolding | Skill | Works across VS Code, CLI, and coding agent |
| Audit all tool invocations | Hook (PreToolUse + PostToolUse) |
Captures every operation deterministically |
β οΈ Current limitations
Skills limitations
- Preview feature β APIs and behaviors may change in future releases
- No tool control β skills canβt restrict which tools the model uses (unlike agents and prompts)
- No handoffs β skills canβt orchestrate multi-step workflows between agents
- Description-based activation β if the description doesnβt match the userβs prompt, the skill wonβt activate
- Requires
chat.useAgentSkills: truesetting in VS Code
Hooks limitations
- Preview feature β configuration format may change
- Shell commands only β hooks run shell scripts, not native code
- Timeout constraints β hooks must complete within their timeout (default varies by event)
- No model influence β hooks canβt change how the model reasons; they only control execution
- Organization policies β your organization might have disabled hooks for security reasons
π― Conclusion
Skills and hooks extend GitHub Copilotβs customization stack beyond natural language guidance into concrete resources and deterministic automation. Skills package templates, scripts, and examples into portable capabilities that improve the modelβs accuracy through reference material. Hooks guarantee that specific code runs at lifecycle events, regardless of model behavior.
Key takeaways
- Skills are portable capabilities with resources (templates, scripts, examples) that work across VS Code, CLI, and the coding agent
- Hooks are deterministic shell commands that fire at eight lifecycle events during agent sessions
- Skills improve accuracy through concrete reference material; hooks provide guaranteed execution
- The progressive disclosure system means skills consume minimal tokens until activated
PreToolUsehooks can block dangerous operations β the most powerful enforcement mechanism in the stack- Skills and hooks are complementary β combine them when you need both guidance and enforcement
Next steps
- How to structure content for Copilot skills β practical guide to writing
SKILL.mdfiles - How to use agent hooks for lifecycle automation β complete coverage of all eight lifecycle events
- Understanding MCP and the tool ecosystem β the protocol for extending Copilot with external tools
π References
VS Code Agent Hooks Documentation [π Official] Official VS Code documentation for agent hooks. Covers all eight lifecycle events, JSON configuration format, input/output schemas, permission decisions in PreToolUse, and cross-platform compatibility with Claude Code and Copilot CLI.
VS Code Copilot Customization Overview [π Official] Microsoftβs comprehensive guide to customizing Copilot, including coverage of Agent Skills β file structure, progressive disclosure, cross-platform support, and enabling the preview feature.
Agent Skills Open Standard (agentskills.io) [π Official] The open standard defining the skill file format, progressive disclosure system, and cross-platform compatibility requirements.
VS Code v1.107 Release Notes [π Official] December 2024 release introducing Agent Skills as a preview feature, alongside Agent HQ and enhanced lifecycle management.