Beyond the Generic Chatbot: Five Ways to Customize GitHub Copilot Agents for Your Team

READER BEWARE: THE FOLLOWING WRITTEN ENTIRELY BY AI WITHOUT HUMAN EDITING.

Introduction

Out of the box, GitHub Copilot is an impressive general-purpose coding assistant. But “general-purpose” is a double-edged sword. A model trained on the entire breadth of public code doesn’t know that your team uses Pytest and not unittest, that every database migration must include a rollback script, or that your internal/ packages should never be imported directly from cmd/. Without that context, the agent makes reasonable-but-wrong assumptions dozens of times a day — and you end up spending more time correcting its output than you save.

The good news is that VS Code’s GitHub Copilot platform exposes a rich set of customization primitives that let you inject exactly that missing context. These aren’t buried configuration switches; they’re first-class authoring surfaces designed to be committed to your repository and shared with your whole team. Used well, they transform Copilot from a capable stranger into a well-onboarded team member that already knows your stack, your conventions, and your non-negotiables.

This post walks through five of those primitives — instruction files, skills, prompts, custom agents, and hooks — explaining what each one is for, when to reach for it, and how to avoid common pitfalls.

1. Instruction Files — The “Always-On” Guardrails

What They Are

Instruction files are Markdown documents that Copilot reads automatically and injects into its context before every interaction. Think of them as your team’s standing orders: the things every developer on the team is expected to know and that you’d rather not repeat in every chat session.

Copilot supports two scopes:

  • Global instructions (.github/copilot-instructions.md) — applied to every request regardless of which file the agent is looking at. Use this for repository-wide conventions: language versions, preferred libraries, architectural patterns, branch-naming rules, and so on.
  • File-based instructions — scoped via glob patterns so they only apply when the agent is working with files that match. For example, a *.test.ts pattern can inject TypeScript-specific testing conventions, while a **/*.py pattern can tell Copilot to use ruff for formatting and mypy --strict for type checking.

Writing Instructions That Actually Work

The gap between a useful instruction file and a wasteful one comes down to specificity and reasoning.

Be specific enough that no ambiguity remains:

<!-- ❌ Too vague — the agent already tries to write good tests -->
Write thorough tests.

<!-- ✅ Specific — tells the agent exactly which framework and style -->
Use pytest with the pytest-asyncio plugin for all async tests.
Fixture scope should be "function" by default; only widen to "session"
when the fixture involves a real database connection.
Mark tests that hit the network with @pytest.mark.integration so they
can be excluded from the local fast-feedback loop.

Include the reasoning. An agent that understands why a rule exists handles edge cases better than one that just pattern-matches against a surface instruction:

Avoid adding retries inside individual service clients. Retry logic lives
in the shared `resilience/` package so that all callers get consistent
back-off behaviour and retry budgets are tracked in one place.

Skip rules your linter already enforces. If eslint will catch unused imports anyway, documenting them in the instruction file wastes context window space that could hold something the linter can’t enforce.

Provide concrete code examples when a convention is subtle or likely to be misapplied. Short snippets are worth far more than a paragraph of prose.

2. Skills — On-Demand Capabilities

What They Are

While instruction files are always present, skills are loaded dynamically — only when they’re relevant to the task the agent is currently executing. A skill is a reusable, named capability that the agent can invoke when it recognises that a task matches that capability’s domain.

The key distinction is in the word dynamic. If you put your specialised debugging runbook into an instruction file, it’s injected into every single request — including the ones where the agent is just renaming a variable. That’s expensive and creates noise. If you package it as a skill, it stays out of the way until the agent is actually debugging something.

When to Use Skills

Skills shine for:

  • Domain-specific diagnostic processes — for example, a skill that knows how to read your distributed tracing spans and correlate them with the relevant service logs.
  • Reusable generation workflows — a skill that knows the exact shape of your internal gRPC service stubs, so the agent can scaffold a new service without you explaining the template every time.
  • Tool-specific expertise — a skill that encapsulates the correct sequence of Terraform commands your team uses for a zero-downtime infrastructure change.

The rule of thumb: if you’d only need a capability a fraction of the time, make it a skill. If you’d need it on nearly every task, consider promoting it to an instruction file.

3. Prompts — One-Shot Workflows as Slash Commands

What They Are

Prompts are predefined, parameterised tasks that appear as slash commands in the Copilot chat input. Users invoke them directly — /cleanup-pr, /gen-tests, /summarise-migration — without having to type out the same task description every session.

Where instruction files and skills shape how the agent behaves, prompts define what the agent should do in a specific, bounded workflow. They’re particularly valuable for tasks that follow a predictable structure but involve enough steps that writing them out each time is tedious and error-prone.

Good Candidates for Prompts

PromptWhat It Does
/gen-testsGenerates a full test suite for the selected file, using your team’s test conventions from the instruction file
/cleanup-prSummarises changes, ensures commit messages match the conventional commits spec, and flags large diffs that should be split
/add-observabilityAdds structured log statements, metrics counters, and trace spans using your team’s observability libraries
/describe-migrationProduces a human-readable description of a database migration suitable for the change-management ticket

Authoring Tips

  • Make prompts idempotent where possible — running /gen-tests twice should produce the same tests, not append a second copy.
  • Keep prompts focused — a prompt that tries to do too much (generate tests and update the README and open a PR) becomes fragile. Compose smaller prompts instead of building monoliths.
  • Document the expected inputs — if your prompt requires the user to have a file open or to have selected some code, say so clearly in the prompt’s description.

4. Custom Agents and Sub-Agents — Role-Based Personas

What They Are

Custom agents let you define specialised, role-based personas within the Copilot ecosystem. Where the default Copilot agent is a generalist, a custom agent has a narrower remit, a constrained set of tools, a dedicated model selection, and a specific instruction set tuned for its role.

Examples of roles that benefit from a dedicated agent:

  • Planner — decomposes a high-level feature request into an ordered task list, but deliberately has no write access to the file system so it can’t accidentally start implementing before planning is done.
  • Security Reviewer — runs with a model that has strong reasoning about CVEs and OWASP categories, with tools limited to reading code and running static analysis. It cannot make changes, only report.
  • Solution Architect — produces architecture decision records (ADRs) and system diagrams, with access to your internal documentation corpus but not to production secrets.
  • Database Migration Specialist — knows your ORM, your migration framework, and your rollback conventions in depth, and is the only agent permitted to touch db/migrate/.

The Power of Sub-Agents

Sub-agents are where the architecture gets genuinely exciting. A sub-agent executes its work in its own isolated context window, completely separate from the orchestrator that launched it. This has two major consequences:

Context isolation. When a planner agent hands a task to an implementation agent, the implementation agent works in a clean slate. It doesn’t inherit the entire planning conversation, which might contain hundreds of tokens of deliberation that are irrelevant to the implementation step. The orchestrator’s context stays lean and focused.

Parallelisation. Because each sub-agent has its own context, multiple sub-agents can run simultaneously. A security review, a performance analysis, and a documentation update can all happen in parallel — the orchestrator simply fans out the work and collects the results. This is qualitatively different from asking a single agent to do all three things sequentially.

Automated handoffs. You can wire agents together into pipelines. A planning agent produces a structured task list; an execution agent consumes it and produces code; a review agent checks the code and produces a structured report; a documentation agent reads the report and updates the relevant docs. Each handoff is deterministic and auditable.

A Concrete Example

Consider a feature delivery workflow:

User: "Implement the rate-limiting feature from the spec"
         │
         ▼
   [Planner Agent]
   - Reads spec document
   - Decomposes into tasks
   - Produces structured task list
         │
         ├──────────────────────┐
         ▼                      ▼
[Implementation Agent]   [Security Review Agent]
- Writes the code         - Analyses the plan for
- Runs unit tests           security implications
- Produces PR diff        - Flags concerns
         │                      │
         └──────────┬───────────┘
                    ▼
           [Orchestrator collects results,
            merges PR, files security findings]

The entire workflow runs with minimal human intervention, and because each agent’s context is isolated, none of them are carrying the cognitive overhead of the others’ work.

5. Hooks — Lifecycle Triggers

What They Are

Hooks are the most deterministic customisation primitive in the Copilot platform. Where instruction files are suggestions and agents exercise judgement, hooks are code-driven triggers that fire at specific points in the agent’s lifecycle:

  • session.start / session.stop
  • pre-tool-use / post-tool-use
  • pre-file-edit / post-file-edit

A hook receives structured information about what just happened (or is about to happen) and can inject additional context, block an operation, or trigger a side effect.

High-Value Use Cases

Security policy enforcement. A pre-tool-use hook on fetch_url can check the target URL against your organisation’s allow-list and block requests to unapproved external services before they happen:

# hooks/pre_fetch_url.py
def on_pre_tool_use(tool_name: str, params: dict) -> dict:
    if tool_name == "fetch_url":
        url = params.get("url", "")
        if not is_allowed(url, ALLOWLIST):
            return {"block": True, "reason": f"{url} is not on the approved fetch list"}
    return {"block": False}

Automated code quality. A post-file-edit hook can automatically run your formatter and linter on any file the agent touches, ensuring that agent-generated code always passes CI before it’s committed — without requiring the agent to remember to run them:

# hooks/post_file_edit.sh
#!/usr/bin/env bash
FILE=$1
ruff format "$FILE"
ruff check --fix "$FILE"

Audit trails. A post-tool-use hook can write a structured log entry every time the agent invokes a tool that touches production systems — providing a complete, tamper-evident audit trail of what the agent did and when, without any manual logging discipline required.

Session initialisation. A session.start hook can fetch the latest team conventions from an internal wiki, the current sprint’s open issues from Jira, or the day’s on-call rotation from PagerDuty — injecting live operational context that a static instruction file could never provide.

Why Hooks Beat Manual Discipline

The value of hooks is their determinism. You don’t rely on the agent remembering to format the file or log the action; the hook fires regardless of what the agent does or doesn’t do. This makes hooks the right tool for policies that must be enforced, not just suggested.

Conclusion: Where to Start

Five customisation primitives can feel like a lot to absorb, and it’s tempting to try to implement all of them at once. Resist that temptation. Trying to design your skills taxonomy, your agent personas, your hook policies, and your prompt library simultaneously — before you’ve seen how the agent behaves day-to-day — is a recipe for over-engineering something you’ll have to redesign a week later.

Start with instruction files. They are the highest-return investment by a significant margin. A well-written .github/copilot-instructions.md that captures your key architectural conventions, testing requirements, and forbidden patterns will immediately improve the quality and consistency of everything the agent generates. It takes an hour to write, it commits to your repository, and every developer on the team benefits from it without having to do anything extra.

Once you’ve lived with a good instruction file for a week or two, you’ll have a much clearer picture of what’s missing. That gap will tell you what to build next — whether it’s a prompt for a common workflow, a skill for a specialised domain, or a hook for a policy that needs to be enforced. Let the gaps drive the roadmap rather than trying to anticipate every need upfront.

The right customisation is the one that removes friction from how your team actually works — not the most sophisticated architecture you can design in theory.