diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 0000000000..91e4adb60c
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,52 @@
+## Include files and folders
+
+# include folders
+recursive-include flytekit *
+recursive-include flytekit_scripts *
+recursive-include plugins *
+
+# include specific files
+include README.md
+include flytekit/py.typed  # marker file for PEP 561
+include flytekit/deck/html/template.html
+
+include CHANGELOG.md
+include LICENSE
+
+include MANIFEST.in
+include pyproject.toml
+include setup.py
+include setup.cfg
+
+
+## Exclude files and folders
+
+# exclude folders
+recursive-exclude tests *
+recursive-exclude docs *
+recursive-exclude boilerplate *
+recursive-exclude .github *
+
+# exclude dist folder:
+#  - contains the generated *.tar.gz and .whl files.
+recursive-exclude dist *
+
+# exclude requirements files
+exclude requirements.*
+exclude requirements-*.*
+exclude doc-requirements.*
+exclude dev-requirements.*
+
+# exclude config files
+exclude .gitignore
+exclude .readthedocs.yaml
+exclude .pre-commit-config.yaml
+exclude codecov.yml
+
+# exclude other repository management files
+exclude Dockerfile.py*
+exclude Makefile
+exclude NOTICE
+exclude pull_request_template.md
+exclude CODEOWNERS
+exclude CODE_OF_CONDUCT.md
diff --git a/flytekit/deck/deck.py b/flytekit/deck/deck.py
index 599b886ab0..24f8dcf514 100644
--- a/flytekit/deck/deck.py
+++ b/flytekit/deck/deck.py
@@ -1,7 +1,7 @@
 import os
 from typing import Optional
 
-from jinja2 import Environment, FileSystemLoader
+from jinja2 import Environment, FileSystemLoader, select_autoescape
 
 from flytekit.core.context_manager import ExecutionParameters, ExecutionState, FlyteContext, FlyteContextManager
 from flytekit.loggers import logger
@@ -111,5 +111,13 @@ def _output_deck(task_name: str, new_user_params: ExecutionParameters):
 
 root = os.path.dirname(os.path.abspath(__file__))
 templates_dir = os.path.join(root, "html")
-env = Environment(loader=FileSystemLoader(templates_dir))
+env = Environment(
+    loader=FileSystemLoader(templates_dir),
+    # 🔥 include autoescaping for security purposes
+    # sources:
+    # - https://jinja.palletsprojects.com/en/3.0.x/api/#autoescaping
+    # - https://stackoverflow.com/a/38642558/8474894 (see in comments)
+    # - https://stackoverflow.com/a/68826578/8474894
+    autoescape=select_autoescape(enabled_extensions=("html",)),
+)
 template = env.get_template("template.html")
diff --git a/flytekit/deck/html/template.html b/flytekit/deck/html/template.html
index 3992ab9c0f..6bec37effe 100644
--- a/flytekit/deck/html/template.html
+++ b/flytekit/deck/html/template.html
@@ -68,18 +68,20 @@
 
 </head>
 <body>
+    <!---{#% autoescape true %#}--->
     <nav id="flyte-frame-nav">
         <ul id="flyte-frame-tabs">
             {% for key, value in metadata.items() %}
-                <li onclick="handleLinkClick(this)">{{key}}</li>
+                <li onclick="handleLinkClick(this)">{{ key | safe }}</li>
             {% endfor %}
         </ul>
     </nav>
     <div id="flyte-frame-container">
         {% for key, value in metadata.items() %}
-            <div>{{value}}</div>
+            <div>{{ value | safe }}</div>
         {% endfor %}
     </div>
+    <!---{#% autoescape %#}--->
 </body>
 <script>
     const setTabs = index => {
diff --git a/flytekit/py.typed b/flytekit/py.typed
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/setup.py b/setup.py
index 6a7b25ae0c..85af8691b6 100644
--- a/setup.py
+++ b/setup.py
@@ -20,9 +20,11 @@
     version=__version__,
     maintainer="Flyte Contributors",
     maintainer_email="admin@flyte.org",
-    packages=find_packages(exclude=["tests*"]),
+    packages=find_packages(
+        include=["flytekit", "flytekit_scripts", "plugins"],
+        exclude=["boilerplate", "docs", "tests*"],
+    ),
     include_package_data=True,
-    package_data={"": ["template.html"]},
     url="https://github.com/flyteorg/flytekit",
     description="Flyte SDK for Python",
     long_description=open("README.md", encoding="utf-8").read(),