I would suggest chapter 23 (Security) from the Camel book (Programming Perl 3rd ed).
The first thing you can do, as long as you don't need anything from the shell (i.e. globbing), is to use system in a list context. Something like:

@args = qw/-p $project->name/;
push @args, '-f' if $force;
system "inc_seqs", @args;
[download]

This prevents potentially bad metacharacters from being interpreted by the shell (which system would use otherwise). In addition, to help out with taint checking, the following sub is suggested to test for tainted variables:

sub is_tainted {
    my $arg = shift;
    my $nada = substr( $arg, 0, 0 );  # zero-length
    local $@;  # preserve caller's version
    eval { eval "# $nada" };
    return length($@) != 0;
}
[download]

Good luck!