This is the most severe risk. Open-source repos on GitHub are not scanned by any antivirus before publishing. Several security researchers have reported:
Searching for license keys on GitHub often leads to "Gists" or repositories claiming to host "cracked" versions or lists of keys.