diff --git a/pr-leak/secrets.properties b/pr-leak/secrets.properties
new file mode 100644
index 0000000..98cfb28
--- /dev/null
+++ b/pr-leak/secrets.properties
@@ -0,0 +1,10 @@
+# Intentional PR secret leak (FAKE values) — used to test scanner detection
+GITHUB_PAT=ghp_FAKE_PR_TOKEN_ABCDEFG1234567890
+AWS_ACCESS_KEY_ID=AKIAFAKEPRKEYEXAMPLE
+AWS_SECRET_ACCESS_KEY=FAKE_AWS_SECRET_PR_9876543210
+DB_PASSWORD=veryinsecurepassword123
+PRIVATE_KEY=-----BEGIN PRIVATE KEY-----
+FAKE_PR_PRIVATE_KEY_LINE_1
+FAKE_PR_PRIVATE_KEY_LINE_2
+-----END PRIVATE KEY-----
+SERVICE_ACCOUNT_JSON={"type":"service_account","project_id":"pr-fake","private_key_id":"fakeid","private_key":"-----BEGIN PRIVATE KEY-----\nFAKE_JSON_KEY\n-----END PRIVATE KEY-----\n"}