diff --git a/src/rattler_build_conda_compat/jinja/jinja.py b/src/rattler_build_conda_compat/jinja/jinja.py
index 20d7774..f89bc35 100644
--- a/src/rattler_build_conda_compat/jinja/jinja.py
+++ b/src/rattler_build_conda_compat/jinja/jinja.py
@@ -3,6 +3,7 @@
 from typing import Any, TypedDict
 
 import jinja2
+from jinja2.sandbox import SandboxedEnvironment
 import yaml
 
 from rattler_build_conda_compat.jinja.filters import _bool, _split, _version_to_build_string
@@ -29,7 +30,7 @@ def jinja_env() -> jinja2.Environment:
     Target platform, build platform, and mpi are set to linux-64 by default.
     """
 
-    env = jinja2.Environment(
+    env = SandboxedEnvironment(
         variable_start_string="${{",
         variable_end_string="}}",
         trim_blocks=True,