diff --git a/fork-test.js b/fork-test.js
new file mode 100644
index 0000000..a9f6bb4
--- /dev/null
+++ b/fork-test.js
@@ -0,0 +1,14 @@
+// Test file for fork PR scanning
+const express = require('express');
+const app = express();
+
+app.get('/search', (req, res) => {
+ const query = req.query.q;
+ // SQL injection vulnerability for testing
+ const sql = `SELECT * FROM users WHERE name = '${query}'`;
+ db.query(sql, (err, results) => {
+ res.json(results);
+ });
+});
+
+module.exports = app;
diff --git a/fork-vuln-test.js b/fork-vuln-test.js
new file mode 100644
index 0000000..b846659
--- /dev/null
+++ b/fork-vuln-test.js
@@ -0,0 +1,12 @@
+// Fork PR test file
+const express = require('express');
+const app = express();
+
+app.get('/api/user', (req, res) => {
+ const userId = req.query.id;
+ // SQL injection vulnerability
+ const query = `SELECT * FROM users WHERE id = '${userId}'`;
+ db.query(query).then(result => res.json(result));
+});
+
+module.exports = app;
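Review bot: Nothing but an inline comment marks the interpolated `sql` string in the `/search` handler of fork-test.js as a deliberate scanner fixture, and because the file also does `module.exports = app` it can be required and mounted like any real router. If the injection is meant to stay as a test case, I would open the file with a header such as `// INTENTIONALLY VULNERABLE scanner fixture: never import, mount or deploy` and keep it in a fixtures directory that is excluded from builds. If it is not meant to stay, bind the value instead of interpolating it, e.g. `db.query('SELECT * FROM users WHERE name = ?', [query], ...)`; the placeholder syntax depends on the driver, which is not visible here because `db` is never required or declared in the file. The same points apply to the `query` string in the `/api/user` handler of fork-vuln-test.js.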
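Review bot: In fork-vuln-test.js the `/api/user` handler calls `db.query(query).then(...)` with no rejection handler, so a failed query leaves the request without a response and surfaces as an unhandled promise rejection. I would end the chain with a handler, e.g. `.catch(() => res.status(500).json({ error: 'query failed' }));`, so the client gets a generic error and no driver message is echoed back. fork-test.js has the callback form of the same gap: `err` is ignored and `res.json(results)` runs even when the query failed.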