Reply:
As soon as you connect your USB disk to your computer, the Operating System and any program that is running on it can have access to your USB disk data (unless it is blocked by Anti virus or something). And it is not hard for a malware to copy itself on your USB disk (infect it so to speak) or read and copy its data.
For example if it is a bitcoin specific malware it can read your USB, analyze the files to see if it can find a wallet file, a list of private keys, ... and using those private keys it can broadcast it to the attacker or sweep them!
If you want to transfer sensitive information like your private keys, then do it on a clean and "air tight gapped sorry, my English sucks sometimes!" computer. You can use a live linux without persistence which is disconnected from the internet.
I dont understand few things in this post. How can a malware read the file is related to wallet or not? It should be present there to do that and guess transferring from one USB to directly another won't give the file path to malware? Moreover, is it possible to send file via sandbox of antivirus where no malware can even touch the stuff.