Title: Tool restriction priority between copilot-instructions.md and AGENTS.md

### Describe the feature or problem you'd like to solve

     I observed unexpected behavior with tool restrictions when using custom agents.

### Proposed solution

     Expected behavior:
     When using @readonly-agent (defined in AGENTS.md with only view/read tools allowed),
     I expected all modification operations (str_replace, create, delete) to be blocked.

     Actual behavior:
     The agent was able to execute str_replace, create, and powershell commands
     despite AGENTS.md specifying only view/read tools.

     Questions:
     1. What is the priority order between .github/copilot-instructions.md and AGENTS.md
        for tool permissions?
     2. Can AGENTS.md restrict/deny tools that are allowed in copilot-instructions.md?
     3. What is the intended behavior for tool restriction inheritance?

     Environment:
     - GitHub Copilot CLI version: 0.0.349
     - Custom agent defined in AGENTS.md
     - Tool restrictions specified in agent definition

### Example prompts or workflows

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Title: Tool restriction priority between copilot-instructions.md and AGENTS.md #701

Describe the feature or problem you'd like to solve

Proposed solution

Example prompts or workflows

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Title: Tool restriction priority between copilot-instructions.md and AGENTS.md #701

Description

Describe the feature or problem you'd like to solve

Proposed solution

Example prompts or workflows

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions