docs(learning-hub): update for Copilot CLI v1.0.64-v1.0.65 features (#2127)

- creating-effective-skills: add 'copilot skill' CLI subcommand for
  listing, adding, and removing skills (v1.0.65); add '/skill' alias
- automating-with-hooks: document userPromptSubmitted additionalContext
  injection into model-facing prompt (v1.0.65); update hook events table
- copilot-configuration-basics: add opt-in CI check status bar indicator
  for current branch (v1.0.65)
- building-custom-agents: add note that /security-review is now available
  to all users without --experimental (v1.0.64)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: github-actions[bot]

website/src/content/docs/learning-hub/automating-with-hooks.md

@@ -3,7 +3,7 @@ title: 'Automating with Hooks'
 description: 'Learn how to use hooks to automate lifecycle events like formatting, linting, and governance checks during Copilot agent sessions.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-06-23
+lastUpdated: 2026-06-25
 estimatedReadingTime: '8 minutes'
 tags:
   - hooks
@@ -89,7 +89,7 @@ Hooks can trigger on several lifecycle events:
 |-------|---------------|------------------|
 | `sessionStart` | Agent session begins or resumes | Initialize environments, log session starts, validate project state |
 | `sessionEnd` | Agent session completes or is terminated | Clean up temp files, generate reports, send notifications |
-| `userPromptSubmitted` | User submits a prompt | Log requests for auditing and compliance; handle requests directly without invoking the LLM (v1.0.44+) |
+| `userPromptSubmitted` | User submits a prompt | Log requests for auditing and compliance; handle requests directly without invoking the LLM (v1.0.44+); inject `additionalContext` into the model prompt (v1.0.65+) |
 | `preToolUse` | Before the agent uses any tool (e.g., `bash`, `edit`) | **Approve or deny** tool executions, block dangerous commands, enforce security policies |
 | `postToolUse` | After a tool **successfully** completes execution | Log results, track usage, format code after edits |
 | `postToolUseFailure` | When a tool call **fails with an error** | Log errors for debugging, send failure alerts, track error patterns |
@@ -118,6 +118,28 @@ cat <<EOF
 EOF
 ```
 
+### userPromptSubmitted additionalContext (v1.0.65+)
+
+The `userPromptSubmitted` hook also supports the `additionalContext` field. When your hook returns `{"additionalContext": "..."}`, that text is **injected into the model-facing prompt** before the model processes the user's message. This is distinct from the `response` field (which bypasses the model entirely) — here the model still runs, but with extra context prepended.
+
+This is useful for per-prompt enrichment: adding the current git diff, environment state, or dynamic instructions that should influence the model's response for this specific request.
+
+```bash
+#!/usr/bin/env bash
+# Inject the current git status into every prompt for context awareness
+INPUT=$(cat)
+BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
+STAGED=$(git diff --cached --stat 2>/dev/null | tail -1)
+
+cat <<EOF
+{
+  "additionalContext": "Active branch: $BRANCH. Staged changes: ${STAGED:-none}."
+}
+EOF
+```
+
+> **How it works**: If your hook writes `{"additionalContext": "..."}` to stdout and exits with code `0`, the text is prepended to the model prompt for this turn. The hook can also write both `additionalContext` and `response` — if `response` is present, that wins and the model call is skipped.
+
 ### Extension Hooks Merging
 
 When multiple IDE extensions (or a mix of extensions and a `hooks.json` file) each define hooks, all hook definitions are **merged** rather than the last one overwriting the others. This means you can layer hooks from different sources—a project's `.github/hooks/` file, an extension you have installed, and a personal settings file—and all of them will fire for the relevant events.

website/src/content/docs/learning-hub/building-custom-agents.md

@@ -3,7 +3,7 @@ title: 'Building Custom Agents'
 description: 'Learn how to create specialized GitHub Copilot agents with custom personas, tool integrations, and domain expertise.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-05-05
+lastUpdated: 2026-06-25
 estimatedReadingTime: '10 minutes'
 tags:
   - agents
@@ -186,6 +186,8 @@ You are a release manager who automates the release process.
 
 Create agents that enforce standards:
 
+> **Built-in `/security-review`**: Before creating a custom security-reviewer agent, note that GitHub Copilot CLI includes a built-in `/security-review` command (available to all users since v1.0.64). It performs a security-focused analysis of staged changes or specified files. Custom security-reviewer agents are still valuable for domain-specific rules, team conventions, and deep integration with MCP tools like Sentry or SAST platforms.
+
 ```markdown
 ---
 name: 'Accessibility Auditor'

website/src/content/docs/learning-hub/copilot-configuration-basics.md

@@ -3,7 +3,7 @@ title: 'Copilot Configuration Basics'
 description: 'Learn how to configure GitHub Copilot at user, workspace, and repository levels to optimize your AI-assisted development experience.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-06-24
+lastUpdated: 2026-06-25
 estimatedReadingTime: '10 minutes'
 tags:
   - configuration
@@ -565,7 +565,7 @@ The `/compact` command summarizes the conversation history to free up context wi
 
 > **ACP sessions (v1.0.39+)**: The `/compact`, `/context`, `/usage`, and `/env` commands are now available in ACP (Agent Coordination Protocol) sessions, allowing remote ACP clients to surface session details and manage context from within their own automated workflows.
 
-The `/statusline` command (with `/footer` as an alias) lets you control which items appear in the terminal status bar. You can show or hide individual indicators like the working directory, current branch, effort level, context window usage, quota, and **active account username** (v1.0.43+). The **changes** toggle shows a running count of added/removed lines for the session — useful when tracking the scope of an ongoing edit:
+The `/statusline` command (with `/footer` as an alias) lets you control which items appear in the terminal status bar. You can show or hide individual indicators like the working directory, current branch, effort level, context window usage, quota, and **active account username** (v1.0.43+). The **changes** toggle shows a running count of added/removed lines for the session — useful when tracking the scope of an ongoing edit. In v1.0.65+, there is also an opt-in **CI check status** indicator that shows the passing/running/failing state of CI checks for the current branch — enable it from the `/statusline` menu:
 
 ```
 /statusline             # show the statusline configuration menu

website/src/content/docs/learning-hub/creating-effective-skills.md

@@ -3,7 +3,7 @@ title: 'Creating Effective Skills'
 description: 'Master the art of writing reusable, shareable skill folders that deliver consistent results across your team.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-06-23
+lastUpdated: 2026-06-25
 estimatedReadingTime: '9 minutes'
 tags:
   - skills
@@ -370,6 +370,19 @@ A: Skills can be invoked in several ways:
 - **Multiple skills in one message**: You can invoke multiple skills in a single message (e.g., `/generate-tests and then /conventional-commit`). Both skills will be executed in sequence.
 - **Agent discovery**: Agents can also discover and invoke skills automatically based on the skill's `description` and the user's intent — no slash command required.
 
+**Q: How do I manage skills from the CLI?**
+
+A: The `copilot skill` subcommand (v1.0.65+) lets you list, add, and remove skills directly from the terminal without editing config files manually:
+
+```bash
+copilot skill list                      # list all currently loaded skills
+copilot skill add ./my-skill/           # add a skill from a local directory
+copilot skill add https://example.com/skill.zip  # add a skill from a URL
+copilot skill remove my-skill           # remove an installed skill by name
+```
+
+You can also run `/skill` (or the existing `/skills`) inside an interactive session to see what's loaded. The `copilot skill` subcommand is the recommended way to install skills that aren't packaged inside a plugin.
+
 **Q: How are skills different from prompts?**
 
 A: Skills replace the older prompt file (`*.prompt.md`) format. Skills offer agent discovery (prompts were manual-only), bundled assets (prompts were single files), and cross-platform portability via the Agent Skills specification. If you have existing prompts, consider migrating them to skills.