diff --git a/actions/setup-cli/install.sh b/actions/setup-cli/install.sh
index 9e529ff4332..e4e1bee3b54 100755
--- a/actions/setup-cli/install.sh
+++ b/actions/setup-cli/install.sh
@@ -2,15 +2,15 @@
 
 # Script to download and install gh-aw binary for the current OS and architecture
 # Supports: Linux, macOS (Darwin), FreeBSD, Windows (Git Bash/MSYS/Cygwin)
-# If no version is specified, it will use "latest"
-# Note: Checksum validation is currently skipped by default (will be enabled in future releases)
+# If no version is specified, it will install the latest stable release.
+# Checksum validation is enabled by default to protect against tampering.
 # 
 # Usage: ./install.sh [version] [options]
 #
 # Examples:
-#   ./install.sh                           # Install latest version
+#   ./install.sh                           # Install latest stable version
 #   ./install.sh v1.0.0                    # Install specific version
-#   ./install.sh --skip-checksum           # Skip checksum validation
+#   ./install.sh v1.0.0 --skip-checksum    # Install without checksum validation
 #
 # Options:
 #   --skip-checksum                   Skip checksum verification
@@ -19,7 +19,7 @@
 set -e  # Exit on any error
 
 # Parse arguments
-SKIP_CHECKSUM=true  # Default to true until checksums are available in releases
+SKIP_CHECKSUM=false  # Checksum validation enabled by default
 TRY_GH_INSTALL=false  # Whether to try gh extension install first
 VERSION=""
 
@@ -27,7 +27,6 @@ VERSION=""
 if [ -n "$INPUT_VERSION" ]; then
     VERSION="$INPUT_VERSION"
     TRY_GH_INSTALL=true  # In GitHub Actions, try gh install first
-    SKIP_CHECKSUM=false  # Enable checksum validation in GitHub Actions
 fi
 
 for arg in "$@"; do
@@ -168,7 +167,7 @@ print_info "Platform: $PLATFORM"
 REPO="github/gh-aw"
 
 if [ -z "$VERSION" ]; then
-    print_info "No version specified, using 'latest'..."
+    print_info "No version specified, using latest stable release..."
     VERSION="latest"
 else
     print_info "Using specified version: $VERSION"
diff --git a/install-gh-aw.sh b/install-gh-aw.sh
index 9e529ff4332..1a359f762f9 100755
--- a/install-gh-aw.sh
+++ b/install-gh-aw.sh
@@ -2,15 +2,15 @@
 
 # Script to download and install gh-aw binary for the current OS and architecture
 # Supports: Linux, macOS (Darwin), FreeBSD, Windows (Git Bash/MSYS/Cygwin)
-# If no version is specified, it will use "latest"
-# Note: Checksum validation is currently skipped by default (will be enabled in future releases)
+# If no version is specified, it will install the latest stable release.
+# Checksum validation is enabled by default to protect against tampering.
 # 
-# Usage: ./install.sh [version] [options]
+# Usage: ./install-gh-aw.sh [version] [options]
 #
 # Examples:
-#   ./install.sh                           # Install latest version
-#   ./install.sh v1.0.0                    # Install specific version
-#   ./install.sh --skip-checksum           # Skip checksum validation
+#   ./install-gh-aw.sh                           # Install latest stable version
+#   ./install-gh-aw.sh v1.0.0                    # Install specific version
+#   ./install-gh-aw.sh v1.0.0 --skip-checksum    # Install without checksum validation
 #
 # Options:
 #   --skip-checksum                   Skip checksum verification
@@ -19,7 +19,7 @@
 set -e  # Exit on any error
 
 # Parse arguments
-SKIP_CHECKSUM=true  # Default to true until checksums are available in releases
+SKIP_CHECKSUM=false  # Checksum validation enabled by default
 TRY_GH_INSTALL=false  # Whether to try gh extension install first
 VERSION=""
 
@@ -27,7 +27,6 @@ VERSION=""
 if [ -n "$INPUT_VERSION" ]; then
     VERSION="$INPUT_VERSION"
     TRY_GH_INSTALL=true  # In GitHub Actions, try gh install first
-    SKIP_CHECKSUM=false  # Enable checksum validation in GitHub Actions
 fi
 
 for arg in "$@"; do
@@ -168,7 +167,7 @@ print_info "Platform: $PLATFORM"
 REPO="github/gh-aw"
 
 if [ -z "$VERSION" ]; then
-    print_info "No version specified, using 'latest'..."
+    print_info "No version specified, using latest stable release..."
     VERSION="latest"
 else
     print_info "Using specified version: $VERSION"
diff --git a/scripts/test-install-script.sh b/scripts/test-install-script.sh
index dda5793f6fd..301da47da3e 100755
--- a/scripts/test-install-script.sh
+++ b/scripts/test-install-script.sh
@@ -280,10 +280,10 @@ echo ""
 echo "Test 10: Verify 'latest' version functionality"
 
 # Check for "latest" as default version
-if grep -q "using 'latest'" "$PROJECT_ROOT/install-gh-aw.sh"; then
-    echo "  ✓ PASS: Script uses 'latest' as default version"
+if grep -q "latest stable" "$PROJECT_ROOT/install-gh-aw.sh"; then
+    echo "  ✓ PASS: Script uses 'latest stable' as default version"
 else
-    echo "  ✗ FAIL: Script does not use 'latest' as default version"
+    echo "  ✗ FAIL: Script does not use 'latest stable' as default version"
     exit 1
 fi