https://blog.thc.org/infecting-ssh-public-keys-with-backdoors
The above web page describes how to exploit systems via the athorized_keys
file and purports to describe how to hide backdoors in ~/.ssh/id_*.pub, the
only way that second claim could be valid is by using ssh-copy-if to blindly
copy a .pub file that has the command= string in question installed.
To address this sort of thing (and also to prevent needless confusion from
less hostile uses of command=) I think ssh-copy-id should either warn about
the use of command= in the source file or copy a sanitised version unless
explicitely told to copy that with an optional parameter.