What do you expect to achieve with this? If you have no problems with user destroying your invoices from db or in general invoking any methods which cannot be called without arguments then they shouldn't be able to do anything harmful.
However it would be much better to define a list of acceptable methods first.
allowed_methods = [:amount, :date]
string_provided_by_user.gsub(/@invoice\.([^ ]*)/) do |a|
raise 'Nice try!' unless allowed_methods.include? a
@invoice.send(a)
end