The Arch User Repository is meant for user-generated packages and any Arch user can contribute their packages for use by others. Whenever a package gets orphaned — has no maintainer — other users are free to pick it up and maintain it.
The Arch Linux project has a standard warning about using these packages at a user's risk, with the AUR page saying: "AUR packages are user-produced content. Any use of the provided files is at your own risk."
One of the packages altered was the Adobe Acrobat Reader; the names of the other two have not been revealed.
Two commands were intended to be run: uname -a which gives some system information and systemctl list-units which details the processes that systemd has in memory; By default only units which are active, have pending jobs, or have failed are shown.
But the attacker appears to have been a rank amateur and misspelled his/her command, using "uploader" where "upload" should have been used.
Thus, all the good (?) work done by him/her came to naught.
The incident occurred on 7 July; the packages were deleted and the user's account removed in a couple of days.