my $str  = 'abcadefaghi';
my $pat  = '(a.)';
my $repl = '$1 ';
#$repl = q/";`arbitrary_command`;$whoops="/;

$str = munge_string($str, $pat, $repl);

sub munge_string {
    my ( $str, $pat, $repl ) = @_;
    # make $repl safe to eval
    $repl =~ s/([^A-Za-z0-9\$])/\\$1/g;
    $repl = '"' . $repl . '"';
    $str =~ s/$pat/$repl/eeg;
  return $str;
}

print "$str\n";