my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`;

Instant shell injection vulnerability:

# have your validated backup ready
perl yourscript.pl ';rm -rf /'
[download]

And if someone can also gain control over the API server, a nice way to export data:

perl yourscript.pl ' --data-binary @/etc/passwd'
[download]

In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (curl -k a.k.a. curl --insecure).

And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl.

Alexander