// gt-0003: Three-hop call chain with command injection
// Expected: REACHABLE (tier: executed)
// Vulnerability: CWE-78 (OS Command Injection)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void execute_command(const char *cmd) {
    // Vulnerable: system call with user input
    system(cmd);  // SINK: CWE-78
}

void process_input(const char *input) {
    char command[256];
    snprintf(command, sizeof(command), "echo %s", input);
    execute_command(command);
}

int main(int argc, char *argv[]) {
    if (argc > 1) {
        process_input(argv[1]);
    }
    return 0;
}