minimaxir / big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

preg replace strings

neerolyte opened this issue · comments

Would be good to include some strings that replace part or all of the matched pattern in common regex libraries, e.g.:

  • $0, ${0} or \0
  • $1, ${1} or \1

The first set replaces the entire matched pattern back in the output in PHP preg_replace; the second set replaces the first group in the matched pattern.

In both cases they can be used to corrupt strings in interesting ways by attackers if part of the replacement pattern is controlled.
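
The behaviour described in this issue, shown as an added example that is not part of the original issue or the project's code: a replacement string taken from user input is passed to `preg_replace`, next to a variant that inserts it literally through `preg_replace_callback`. The pattern, template and function names are hypothetical and the scenario is constructed.

```php
<?php
// Added example. PATTERN, TEMPLATE and the function names are hypothetical.
// Constructed scenario: a {{placeholder}} in a template is filled with a
// user-supplied value. The pattern has one capture group, so both the
// whole-match ($0) and first-group ($1) references resolve.
const PATTERN  = '/\{\{(\w+)\}\}/';
const TEMPLATE = 'Hello {{name}}, welcome back.';

// Vulnerable: the user value is the replacement argument, so preg_replace
// interprets $n, ${n} and \n inside it as references to the match.
function fill_unsafe(string $userValue): string
{
    return preg_replace(PATTERN, $userValue, TEMPLATE);
}

// Hardened: preg_replace_callback inserts the callback's return value
// verbatim and performs no reference expansion on it.
function fill_safe(string $userValue): string
{
    return preg_replace_callback(
        PATTERN,
        function (array $match) use ($userValue): string {
            return $userValue;
        },
        TEMPLATE
    );
}

// What a purely literal substitution should produce, for comparison.
function fill_expected(string $userValue): string
{
    return str_replace('{{name}}', $userValue, TEMPLATE);
}

// The six strings from the issue, single-quoted so PHP itself does not
// interpolate or unescape them before the regex engine sees them.
$naughty = ['$0', '${0}', '\0', '$1', '${1}', '\1'];

foreach ($naughty as $s) {
    $expected = fill_expected($s);
    printf(
        "%-5s unsafe: %-4s safe: %s\n",
        $s,
        fill_unsafe($s) === $expected ? 'ok' : 'FAIL',
        fill_safe($s) === $expected ? 'ok' : 'FAIL'
    );
}
```

The unsafe variant fails the literal comparison because each string is expanded to the matched placeholder or its captured group, while the callback variant returns the input unchanged.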