I looked at HTTP::Tiny and it doesn't seem to execute JS.

> My intuition tells me that if targeting scrapers specifically, there would be a risk.

Yes you are right, if a software has any kind of potential to execute injected code² an attacker could try to target it.

I strongly doubt that this is the case here, it should be as safe as storing the HTML on disk.°

Unless of course it contains the satanic bible encoded in reversed UTF666 ...

°) well ... maybe it's possible to run a DOS attack with clever circular redirections, but this page would be a time trap for every browser. And this could be countered with a timeout mechanism.

²) you could try to parse the code and all dependencies and investigate all string eval statements.