What are you doing wrong?
Trying to set values by placeholder strings, instead use the formatting tools offered pg-promise (or rather - a mix of those approaches).
How to substitute parameters in the request
Yes, something like that, for example:
db.query(` SELECT * FROM table WHERE id NOT IN ($(list:csv)) LIMIT $(limit) `, obj)