Command injection via clipboard text into cmd /c on Windows

Found via code audit. internal/clipboard/service.go:228. Text interpolated into cmd /c echo ... | clip. Only double-quotes stripped. &, |, ^, % all execute commands. Malicious media title = RCE.