form-workflows
Enables the creation of complex multi-step forms with conditional logic and validation for enhanced user experiences.
Install this skill
Security score
The form-workflows skill was audited on Feb 9, 2026 and we found 25 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 76 | html: ` |
Template literal with variable interpolation in command context
| 103 | form: `step-${stepNumber}-form` |
Template literal with variable interpolation in command context
| 106 | console.log(`Step ${stepNumber} schema:`, this.stepSchemas[stepNumber].schema); |
Template literal with variable interpolation in command context
| 113 | state: `wizard-step-${stepNumber}`, |
Template literal with variable interpolation in command context
| 136 | const formElement = document.querySelector(`form[name="step-${this.currentStep}-form"]`); |
Template literal with variable interpolation in command context
| 141 | form: `step-${this.currentStep}-form`, |
Template literal with variable interpolation in command context
| 163 | this.formData[`step${this.currentStep}`] = stepData; |
Template literal with variable interpolation in command context
| 200 | const input = document.querySelector(`[name="${field}"]`); |
Template literal with variable interpolation in command context
| 329 | const formElement = document.querySelector(`form[name="${this.formName}"]`); |
Template literal with variable interpolation in command context
| 333 | const triggerField = formElement.querySelector(`[name="${condition.field}"]`); |
Template literal with variable interpolation in command context
| 351 | const field = document.querySelector(`[name="${fieldName}"]`); |
Template literal with variable interpolation in command context
| 388 | const formElement = document.querySelector(`form[name="${this.formName}"]`); |
Template literal with variable interpolation in command context
| 517 | const response = await fetch(`/api/check-email?email=${email}`); |
Template literal with variable interpolation in command context
| 565 | alert(`Error in step(s) ${error.affectedSteps.join(', ')}: ${error.message}`); |
Template literal with variable interpolation in command context
| 582 | this.storageKey = `form_progress_${formId}`; |
Template literal with variable interpolation in command context
| 673 | const message = `You have saved progress from ${Math.round(hoursSince)} hours ago (Step ${progress.currentStep}). Resume?`; |
Template literal with variable interpolation in command context
| 709 | const formElement = document.querySelector(`form[name="step-${this.currentStep}-form"]`); |
Template literal with variable interpolation in command context
| 765 | console.log(`Skipping question ${index} (condition not met)`); |
Template literal with variable interpolation in command context
| 772 | html: ` |
Template literal with variable interpolation in command context
| 812 | `<label><input type="radio" name="answer" value="${opt.value}" required /> ${opt.label}</label>` |
Template literal with variable interpolation in command context
| 817 | `<label><input type="checkbox" name="answer" value="${opt.value}" /> ${opt.label}</label>` |
Template literal with variable interpolation in command context
| 840 | console.log(`Answer to "${question.text}": ${answer}`); |
Template literal with variable interpolation in command context
| 965 | ```javascript |
Fetch to external URL
| 232 | const response = await fetch('/api/registration/', { |
Fetch to external URL
| 874 | await fetch('/api/survey/', { |