If you pass arguments as a list, then Perl takes care of reassembling them appropriately escaped if it needs to on certain platforms (e.g. Win32) -- that's one reason why the recommendation is pass a list to system. That said, I did see some logic for this buried in Shell, but it's not easily available for external use.

But that speaks to ensuring quotes, spaces, etc. make it through to the shell as intended. If you're trying to make a potentially malicious string safe before passing it to the shell, that seems like a tremendously large security risk if you get it wrong so I'd think about whether there's another way, particularly if you want it to be cross-platform, cross-shell, etc.