In the case of prompting, a lot of the work is actually in shaping the context -- typically using data you already have from somewhere else. The prompt really doesn't care about the quoting and parsing would have been done beforehand when the content was acquired.
With respect to mitigating injections, when dealing with user entered prompt fragments, I don't think there's any templating engine that would be able to address this because it's not a standard format like SQL or JavaScript. Typically, we run the input prompt through another prompt first to test for validity of the prompt in the context of the flow and reject the prompt fragment if it's not valid for the context.
Not something a template engine is going to solve.
With respect to mitigating injections, when dealing with user entered prompt fragments, I don't think there's any templating engine that would be able to address this because it's not a standard format like SQL or JavaScript. Typically, we run the input prompt through another prompt first to test for validity of the prompt in the context of the flow and reject the prompt fragment if it's not valid for the context.
Not something a template engine is going to solve.