diff --git a/cmd/test-semgrep.go b/cmd/test-semgrep.go
new file mode 100644
index 0000000000..336a743598
--- /dev/null
+++ b/cmd/test-semgrep.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "os/exec"
+)
+
+func main() {
+ // Another example of untrusted input
+ input := "ping -c 8 google.com; echo hacked"
+
+ ctx := context.Background()
+
+ // Vulnerable: input is directly concatenated into the command
+ command := fmt.Sprintf("sh -c %s", input)
+ cmd := exec.CommandContext(ctx, command)
+
+ // Execute and print the output
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ fmt.Println("Error:", err)
+ }
+ fmt.Println("Output:", string(output))
+}
+
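Review bot: The line marked "Vulnerable" never reaches a shell: `exec.CommandContext(ctx, command)` does not parse the string, so the whole `"sh -c ping -c 8 google.com; echo hacked"` value is looked up as one executable name and at runtime this prints an exec lookup error instead of running the injected `echo hacked`. If the fixture is meant to model real command injection, the shell-invoking shape is `cmd := exec.CommandContext(ctx, "sh", "-c", input)`, which is also what a detection rule should be matching; whether the current shape is what the intended semgrep rule targets is not visible from this diff. The "untrusted input" comment also overstates the code, since `input` is a hard-coded literal — reading it from `os.Args` or stdin would make the taint source genuine. Because this deliberately vulnerable program lives under `cmd/`, it will presumably be picked up by `go build ./...` and `go vet`; a `//go:build ignore` constraint on the first line (or moving the file under a `testdata/` directory) keeps it out of the build while leaving it scannable.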