all the data used to generate the keypair can be monitored, therefore, the key can be duplicated
If Your code production system is not connected to Internet physically, no one have the chance to hijacking the data.
In the real world someone can introduct to Your system a spying devices with mobile Internet modem or trying to spy on Your machines from some short distance.
For example the Monitor is emitting the picture in radiofrequency, and this signal can be captured and reproduced to other monitor or registered.
Or someone can place the camera in Your Office.
But You probably just under audio/video/data spying on Your costs for someone with the Your smartphone (If You Use It).
No idea, who is the max expert in such question for today.
Try to listen
https://blog.kaspersky.com/