diff --git a/install.sh b/install.sh
index cf72346f6d5f..40aea2d14582 100755
--- a/install.sh
+++ b/install.sh
@@ -481,28 +481,33 @@ get_pr_artifact_url() {
         fatal "Installing PR builds requires jq"
     fi
 
+    # Check if unzip is installed
+    if ! [ -x "$(command -v unzip)" ]; then
+        fatal "Installing PR builds requires unzip"
+    fi
+
     if [ -z "${GITHUB_TOKEN}" ]; then
         fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
     fi
+
     # GET request to the GitHub API to retrieve the latest commit SHA from the pull request
-    pr_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR")
-    
-    if ! echo "$pr_raw" | grep -q "Bad credentials.*401" ; then
+    pr_raw=$(curl -f -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/pulls/${INSTALL_K3S_PR}")
+    if [ -z "${pr_raw}" ]; then
         fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
     fi
-    commit_id=$( echo "$pr_raw" | jq -r '.head.sha')
+    commit_id=$(echo "${pr_raw}" | jq -r '.head.sha')
     
     # GET request to the GitHub API to retrieve the Build workflow associated with the commit
-    wf_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/commits/$commit_id/check-runs")
-    build_workflow=$(printf "%s" "$wf_raw" | jq -r '.check_runs[] |  select(.name == "build / Build")')
+    wf_raw=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/commits/${commit_id}/check-runs")
+    build_workflow=$(printf "%s" "${wf_raw}" | jq -r '.check_runs[] |  select(.name == "build / Build")')
     
     # Extract the Run ID from the build workflow and lookup artifacts associated with the run
-    run_id=$(echo "$build_workflow" | jq -r ' .details_url' | awk -F'/' '{print $(NF-2)}' | sort -rn | head -1)
+    run_id=$(echo "${build_workflow}" | jq -r ' .details_url' | awk -F'/' '{print $(NF-2)}' | sort -rn | head -1)
 
     # Extract the artifact ID for the "k3s" artifact    
-    artifacts=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/actions/runs/$run_id/artifacts")
-    artifacts_url=$(echo "$artifacts" | jq -r '.artifacts[] | select(.name == "k3s") | .archive_download_url')
-    GITHUB_PR_URL=$artifacts_url
+    artifacts=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/actions/runs/${run_id}/artifacts")
+    artifacts_url=$(echo "${artifacts}" | jq -r '.artifacts[] | select(.name == "k3s") | .archive_download_url')
+    GITHUB_PR_URL="${artifacts_url}"
 }
 
 # --- download binary from github url ---
@@ -511,7 +516,7 @@ download_binary() {
         # Since Binary and Hash are zipped together, check if TMP_ZIP already exists
         if ! [ -f ${TMP_ZIP} ]; then
             info "Downloading K3s artifact ${GITHUB_PR_URL}"
-            curl -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL}
+            curl -s -f -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL}
         fi
         # extract k3s binary from zip
         unzip -p ${TMP_ZIP} k3s > ${TMP_BIN}
diff --git a/install.sh.sha256sum b/install.sh.sha256sum
index 2a09542d1fd6..ef4d0f689fa8 100644
--- a/install.sh.sha256sum
+++ b/install.sh.sha256sum
@@ -1 +1 @@
-2e2469498e1d6a5dcd97d0eeae342298500b27fe0768527ea8039a3295cdbce9  install.sh
+10f0a32125bffb499fcce72182409c36216841bc3a762983c019a718cd343d4d  install.sh