diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
index e59ca67..9eefefc 100644
--- a/.github/workflows/gemini-review.yml
+++ b/.github/workflows/gemini-review.yml
@@ -40,7 +40,7 @@ jobs:
           permission-contents: 'read'
           permission-issues: 'write'
           permission-pull-requests: 'write'
-
+
       - name: 'Acknowledge request'
         env:
           GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
@@ -52,6 +52,7 @@ jobs:
           gh issue comment "${ISSUE_NUMBER}" \
             --body "${MESSAGE}" \
             --repo "${REPOSITORY}"
+
       - name: 'Checkout repository'
         uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5
@@ -185,4 +186,3 @@ jobs:
             }
           }
         prompt: '/security:analyze-github-pr'
-
diff --git a/tool.py b/tool.py
new file mode 100644
index 0000000..9bf636a
--- /dev/null
+++ b/tool.py
@@ -0,0 +1,15 @@
+import subprocess
+ # Get untrusted input from a user
+hostname = input("Please enter the hostname to ping: ")
+ # VULNERABLE: Building a command string and using shell=True
+# The f-string directly inserts the user's text into the command.
+command = f"ping -c 3 {hostname}"
+
+print(f"--- Running command: {command} ---")
+
+# shell=True tells Python to pass the entire string to the system's shell
+# (like /bin/sh or cmd.exe) to be interpreted.
+try:
+    subprocess.run(command, shell=True, check=True)
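Review bot: `subprocess.run(command, shell=True, check=True)` on the last added line of tool.py hands the unvalidated `hostname` from `input()` to a shell, so a value such as `example.com; rm -rf ~` executes as a command; the file's own comments say this is deliberate, but if it is meant to live in the repo (presumably as a fixture for the `/security:analyze-github-pr` workflow) that intent belongs in a module docstring, and otherwise the call should become `subprocess.run(["ping", "-c", "3", hostname], check=True)` with the f-string on the `command =` line dropped. Even with an argument list, a value starting with `-` is still parsed by `ping` as an option, so a syntax check on `hostname` before the call (a regex limited to `[A-Za-z0-9.-]`, or `ipaddress.ip_address` for literals) is worth adding. As far as the hunk shows, the `try:` block has no `except`/`finally`, so the module as committed does not compile; `except subprocess.CalledProcessError as exc:` with a short error message is the obvious completion.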