E.g. sdkman-install.sh uses mkdir, which is not a more or less secure bash function but might be overloaded by a simple user function. So, you should update any calls to mkdir to something like /usr/bin/env mkdir, so that the real mkdir binary is executed instead of the user function, if one exists.
This expands to many others, like rm, etc., too!
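The shadowing described in this report can be reproduced in a few lines. The following is an added example, not code from sdkman-install.sh or the SDKMAN project; the helper names (make_plain, make_command, make_env, run_case, not_on_path) and the temporary directory are constructed for the demonstration, and `command mkdir` is shown as a further alternative that the report does not mention.

```shell
#!/bin/sh
# Constructed demo. A function reaches a script when the script is sourced,
# or (in bash) when the function was exported with `export -f`.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT

# Stand-in for a user-defined function that shadows the mkdir binary.
mkdir() { echo "shadow mkdir called with: $*" >&2; }

# Unqualified call: functions are looked up before PATH, so the function runs.
make_plain() { mkdir -p "$1"; }

# `command` (POSIX) suppresses function lookup for this one invocation.
make_command() { command mkdir -p "$1"; }

# env is an external program and cannot see shell functions; it executes the
# first mkdir found on PATH. PATH is still trusted here; an absolute path
# to the binary removes that dependency as well.
make_env() { /usr/bin/env mkdir -p "$1"; }

# Run one variant ($1) against a fresh directory name ($2) and report
# whether the directory really exists afterwards.
run_case() {
  "$1" "$demo_root/$2"
  if [ -d "$demo_root/$2" ]; then echo created; else echo missing; fi
}

# Audit helper: print each given name that does not resolve to an absolute
# path, i.e. is handled by a function, alias or builtin instead of a binary.
not_on_path() {
  for name in "$@"; do
    case $(command -v "$name") in
      /*) ;;
      *) echo "$name" ;;
    esac
  done
}

echo "plain:   $(run_case make_plain a)"
echo "command: $(run_case make_command b)"
echo "env:     $(run_case make_env c)"
echo "not on PATH: $(not_on_path mkdir rm)"
```

Calling `not_on_path` with the list of external commands a script depends on, before the script does any real work, shows which of them are shadowed in the current shell.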
Pull requests welcome!
#lock /me is working on that