Threat modelling of downloading a script and piping it to shell: https://arp242.net/curl-to-sh.html
One problem mentioned in  that I agree with: You can't inspect a copy of what you just executed. I usually download the script and look at what it does first, to see where this unpackaged software installs to.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!