We'll add a text input box to patio11bot, and a button that allows the user to ask a question.
Is it secure enough to put raw user's input directly into the page as HTML?
This site is just a static site that doesn't even have a backend, so yes - it's perfectly safe to put user input on the page like that. There's nothing that they could mess up except for their own browser.
But you bring up a good point: if this input was going back into a database, and then was going to be served and displayed on other people's browsers, then you would need to worry about sanitizing inputs, etc at that point.