GoReleaser generates checksums.txt with SHA256 hashes for each binary, but install.sh downloads the binary without verifying its integrity.

What to do:

• After downloading the binary, also download checksums.txt from the same release
• Verify the binary hash with sha256sum --check
• Fail the install if verification fails

Files: install.sh