>It shows an install.sh which curl downloads a master.zip from a public github repo
A repo that is an alias to another one. Someone can create this repo breaking the alias and thus being able to serve whatever they want. This is the so-called "repojacking" and what GP is also talking about.
A repo that is an alias to another one. Someone can create this repo breaking the alias and thus being able to serve whatever they want. This is the so-called "repojacking" and what GP is also talking about.