The problem is twofold - the sourcing application should tell you which protocol handler is being invoked (this is where IE/Edge fails) - but the protocol handler itself should also not do anything unexpected. When you open a https://.... link, you know it's not going to run a local application. Similarly, ms-officecmd:... should open some sort of Office application, and nothing else. I think that's the minimum of a security guarantee you can expect from any program.