Can you please provide just one? No other comment does that.

And to be clear, I'm talking about providing at least one legit use for passing user input directly to exec without any kind of filtering...

Test cases for a PHP vulnerability scanner[1]

[1] https://news.ycombinator.com/item?id=7665232

The sourcecode of a hypothetical Github commenting bot searching for this vulnerability will have the same search token, and will be flagged.

A great example is: https://github.com/andresriancho/w3af-moth

He deliberately wrote vulnerable code to test his auditing script. There are more repos like this.

That's fair. But that's also the vast minority of these results that I can tell...