Security
Prefer using template_format='f-string' instead of template_format='jinja2',
or make sure to NEVER accept jinja2 templates from untrusted sources as they may
lead to arbitrary Python code execution.
As of LangChain 0.0.329, Jinja2 templates will be rendered using Jinja2's
SandboxedEnvironment by default. This sandboxing should be treated as a
best-effort approach rather than a guarantee of security, as it is an opt-out
rather than opt-in approach.
Despite the sandboxing, we recommend never using jinja2 templates from
untrusted sources.
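One way to enforce this recommendation at the point where template text enters an application. This is an added example, not LangChain code; `accept_template`, `TemplatePolicyError` and the `trusted` flag are hypothetical names. It goes one step beyond the text by also limiting f-string templates to plain `{name}` placeholders, on the assumption that they are parsed with Python's `str.format` syntax, which allows attribute and index lookups inside a field.

```python
from string import Formatter

KNOWN_FORMATS = {"f-string", "jinja2"}


class TemplatePolicyError(ValueError):
    """A template was refused by the acceptance policy."""


def accept_template(text, template_format="f-string", trusted=False):
    """Return (template_format, input_variables) or raise TemplatePolicyError.

    Hypothetical gate to call before building a prompt template from `text`.
    """
    if template_format not in KNOWN_FORMATS:
        raise TemplatePolicyError(f"unknown template_format {template_format!r}")
    if template_format == "jinja2":
        if not trusted:
            # Sandboxing is best effort, so the origin of the template decides.
            raise TemplatePolicyError("jinja2 is accepted only from trusted sources")
        return ("jinja2", None)  # variables are not parsed for jinja2 here
    try:
        fields = list(Formatter().parse(text))  # parsing is lazy; force it here
    except ValueError as exc:  # unbalanced or stray braces
        raise TemplatePolicyError(f"malformed template: {exc}") from exc
    variables = set()
    for _literal, name, spec, conversion in fields:
        if name is None:  # trailing literal text, no placeholder
            continue
        if not name.isidentifier() or spec or conversion:
            # Refuses {}, {0}, {a.b}, {a[0]}, {a!r} and {a:>10}.
            raise TemplatePolicyError(f"placeholder {{{name}}} is not a plain name")
        variables.add(name)
    return ("f-string", sorted(variables))
```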