diff --git a/test-vuln.js b/test-vuln.js
new file mode 100644
index 0000000..8861b86
--- /dev/null
+++ b/test-vuln.js
@@ -0,0 +1,6 @@
+// Test file for fork PR
+function executeCommand(userInput) {
+  // Command injection vulnerability
+  return require('child_process').execSync('echo ' + userInput);
+}
+module.exports = { executeCommand };