Advanced users

What AI can do once you're past the basics. Newer to this? Start with Tutorials and Use cases first — then come back here.

Everything below is a repeatable capability — set it up once and reuse it. Two of them use skills (small, shareable add-ons that teach Claude a specific job), and the last is about giving any assistant lasting context so it stays useful across sessions.

① Branded PowerPoint skill

Generate on-brand Qvantum decks from a single prompt.

② Security-review skill

Audit a codebase and get a findings report.

③ Projects vs declarative agents

Two ways to give an AI lasting context.

Skill · Claude Generate a branded PowerPoint

A skill is a folder you drop into Claude Code that teaches it a repeatable job. /qvantum-powerpoint builds on-brand Qvantum decks straight from the official .potx template — real theme colours (navy #002656), Host Grotesk fonts, the Q logo on every layout — driven by a plain-language prompt, and it renders each slide to an image so it can check the result before handing it over.

Install it (one-time)

Get the qvantum-powerpoint skill folder (shared as a .zip — ask Dominic or an ambassador for the current copy).
Unzip it and copy the folder into your skills folder: USER/.claude/skills/ (macOS / Linux: ~/.claude/skills/ · Windows: %USERPROFILE%\.claude\skills\). You should end up with …/.claude/skills/qvantum-powerpoint/ containing its SKILL.md.
Restart Claude Code. It auto-discovers the skill — type / and you'll see qvantum-powerpoint in the list.

Use it

In any project, type the slash command and describe the deck you want. This is the exact prompt used to build the sample Days of the Week deck:

/qvantum-powerpoint create a powerpoint of 1 title page, then 7 slides which describes the days of the week starting with monday, each slide should be pic + text (max 25 words)

What you get: a finished, brand-correct .pptx — a title slide plus seven picture-and-text slides, each within the 25-word limit, using Qvantum colours, fonts and logo. Claude renders every slide to a PNG first and fixes any spacing / overflow before handing the file over.

Tell it the story (slide count, what each slide says); it picks brand-correct layouts.
Product / stock photos live on SharePoint and can't be fetched by tools — drop them in a local pics from Sharepoint/ folder and the skill finds them.
Same idea works for any deck: "5 slides on our NPI process, one idea per slide."

Skills are just folders — anyone can write one and share it as a zip. That's how this site's two examples spread.

Skill · Claude Run a security review of your code

AI is good at reviewing, not just writing. The /security-review example we built audits a codebase through several independent senior "lenses" (security, access-control, supply-chain, code-quality, architecture/handover, secrets) — then hands every finding to a separate agent told to disprove it before it reaches the report. Multiple lenses give coverage; the adversarial second pass keeps false positives low. The deliverable is a findings report you can act on.

The fastest way — the built-in command

Claude Code ships a /security-review command. Open your repo with Claude Code and run:

/security-review

It scans the working tree (or the current diff) and returns findings with severities, file:line locations, and suggested fixes.

Build your own as a reusable skill

To make it repeatable and tuned to your projects, capture it as a skill. You can ask Claude to scaffold one for you — this is the kind of prompt that does it:

Create a Claude Code skill called "multi-lens-security-audit". Goal: audit one or more codebases and produce a findings report with FEW false positives. Workflow the skill should follow: 1. Scout the project first — tech stack, deploy model, entry points, where the logic lives. 2. Audit through 6 independent lenses: AppSec / vulnerabilities, access-control, supply-chain / CI-CD, code-quality, architecture & handover, secrets / data-exposure. 3. Verify: hand EACH finding to a separate agent prompted to REFUTE it against the real files; drop it or lower its severity if it can't be confirmed from the actual code. 4. Report: one assessment per project (verdict, severity table, numbered findings with file:line + evidence + fix) plus a short cross-project executive summary. Write it as a SKILL.md with a clear description so it triggers on "run a security review / code audit".

Then run it on a repo the same way — /security-review, or "run the multi-lens-security-audit skill on this project."

What the result looks like

A real run on Qvantum's three internal web apps used 6 lenses across 3 projects, ~112 agents, and turned 90 raw findings into 78 verified ones — dismissing 12 as false positives in the adversarial pass. The report flagged issues like:

HIGH — a production site was publicly reachable because its sign-in gate was built but never merged to the deployed branch.
MEDIUM — an internal chat transcript sitting one git add away from being pushed to a repo.
MEDIUM — a hand-over runbook naming the wrong configuration keys, which would break login at cut-over.

Each finding came with the exact file and line, why it matters, and a concrete fix — and the adversarial pass corrected several severities and caught one "issue" that had already been fixed. That's the point: a finding nobody tried to disprove is just a guess.

Concept Projects vs declarative agents

Both are ways to give an assistant lasting context so you don't re-explain yourself every time. They sit at two ends of a spectrum: a project is a personal workspace you iterate in; a declarative agent is a configured assistant you define once and share. The exact product names and limits change often, so this is deliberately described in general terms — check the vendor docs for today's specifics.

	A "project" / project space	A declarative agent
What it is	A container you chat in that holds your files plus a note on what the work is — a Claude Project, a Copilot project/notebook, or just a folder with a `CLAUDE.md`.	An assistant you define once — its instructions and its sources are declared up front, then it behaves the same for everyone who uses it.
How you set it up	Drop in the documents and data, write a short set of custom instructions, then start asking.	Write custom instructions, then attach specific files (Word docs, PDFs) or point it at specific SharePoint sites / OneDrive folders as its knowledge.
Who uses it	Mostly you (and anyone you share the folder / project with) — it grows as you work.	A team — you publish it once and colleagues use the same configured assistant over the same fixed sources.
Best when	Open-ended, evolving work where you're iterating and the context keeps changing.	A repeatable job over known sources — "answer questions from these policy PDFs / this SharePoint site" — that many people need the same way.
Typically lives in	Claude (Projects / Claude Code folders) or Microsoft 365 Copilot project spaces.	Microsoft 365 Copilot (declarative agents, built in Copilot Studio / agent builder).

Rule of thumb. If you are the main user and the work keeps evolving, use a project. If you want a shareable assistant that answers from a fixed set of files or SharePoint/OneDrive sources the same way for everyone, build a declarative agent.

Names and capabilities move fast — confirm the current details in the docs: Claude / Claude Code docs and Microsoft Copilot declarative-agent docs.

Want to try any of these, or build your own skill? Ask Dominic or an AI ambassador, or post in #ai-qvantum on Teams.

Maintained by Dominic Sandner · Last updated 2026-06-24