What Are the Possible List of Linux Bash Shell Injection Commands

Is command injection possible within shell scripts without the use of eval?

Yes, it is possible. But it is not so simple as you mention.
See below some example.

It will not works:

$ read -p "Type some text:" var1
Type some text:Example;hostname

$ echo $var1
Example;hostname

$ $var1
Example;hostname: command not found

But if you use like this, yes, it will work:

$ read -p "Type some text:" var1
Type some text:hostname

$ echo $var1
hostname

$ $var1
SSBLZMVM1

Is it possible to perform shell injection through a read and/or to break out of quotes?

Not according to: https://developer.apple.com/library/mac/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html

Search for 'Backwards Compatibility Example'

How to shell command inject a file

Select option 2, and enter the following note:

';cat flag.txt;echo '

This works because it doesn't escape the note input, so when you substitute the note you get

/bin/echo '';cat flag.txt;echo '' >> mynotes.txt

This will be executed by the SUID shell. It will output flag.txt to the terminal, and write a blank line into mynotes.txt.

prevent script injection when spawning command line with input arguments from external source

The correct and safe way to pass the values of variables VAR1 and VAR2 as arguments to /usr/bin/tool is:

/usr/bin/tool -- "$VAR1" "$VAR2"

The quotes prevent any special treatment of separator or pattern matching characters in the strings.
The -- should prevent the variable values being treated as options if they begin with - characters. You might have to do something else if tool is badly written and doesn't accept -- to terminate command line options.
See Quotes - Greg's Wiki for excellent information about quoting in shell programming.
Shellcheck can detect many cases where quotes are missing. It's available as either an online tool or an installable program. Always use it if you want to eliminate many common bugs from your shell code.
The curly braces in the line of code in the question are completely redundant, as they usually are. Some people mistakenly think that they act as quotes. To understand their use, see When do we need curly braces around shell variables?.
I'm guessing that the /bin/sh in the question was intended to be a #! /bin/sh shebang. Since the question was tagged bash, note that #! /bin/sh should not be used with code that includes Bashisms. /bin/sh may not be Bash, and even if it is Bash it behaves differently when invoked as /bin/sh rather than /bin/bash.
Note that even if you forget the quotes the line of code in the question will not cause commands (like rm -rf /) embedded in the variable values to be run at that point. The danger is that badly-written code that uses the variables will create and run commands that include the variable values in unsafe ways. See should I avoid bash -c, sh -c, and other shells' equivalents in my shell scripts? for an explanation of (only) some of the dangers.

Are these awk commands vulnerable to code injection?

Sure, both are vulnerable, the first a bit less so.

This breaks your second line:

HWLINK="/{}BEGIN{print \"Your mother was a hamster and your father smelt of elderberries\"}/"

The only reason it doesn't break your first line is, in order to be able to be injected into the first line it must not contain spaces.

HWLINK="/{}BEGIN{print\"Your_mother_was_a_hamster_and_your_father_smelt_of_elderberries\"}/"

I see you already got the correct syntax to use :)