Yeah, the idea is that if the source qube is compromised, it can inject whatever text it wants into the source qube’s clipboard, which then gets picked up by the global clipboard and pasted into the vault. Even “just text” can be damaging, depending on what that text is and where it’s entered:
Now, it’s less likely that something like this will occur if you’re pasting into a password manager, but it’s not inconceivable that there could be a vulnerability in the password manager, and the risk of blindly pasting untrusted text into certain terminal emulators would be even higher.