preToolUse hooks are not enforced in subagents #2392
Description
Describe the bug
preToolUse hooks configured in config.json are correctly enforced on the main agent, but are not enforced on subagents spawned via the task tool. This means any tool restriction can be trivially bypassed by delegating the operation to a subagent.
Affected version
1.0.12 (Windows)
Steps to reproduce the behavior
1. Configure a preToolUse hook (at ~\.copilot\config.json) that blocks a specific tool (e.g. sql, powershell, etc.)
2. Have the main agent call that tool → correctly blocked ✅
3. Have the main agent spawn a subagent and ask it to call the same tool → hook not enforced, tool succeeds ❌
Expected behavior
preToolUse hooks should apply to all agents in the execution tree — main agent and any subagents alike.
Additional context
Any security boundary enforced via hooks can be bypassed using the task tool, including file access controls, command restrictions, and audit logging.