Otherwise a malicious website targeting Tridactyl users who use the native messenger could gain shell access when you triggered your command on them.