daffainfo / ctf-writeup

CTF Writeups


forty-nine writeup

Ankeet1729 opened this issue · comments

I have a few doubts about your writeup. Firstly, how did you come up with trying ${{7*7}}... And how did you know that {% could bypass {{...
And also, after that, why couldn't we just directly try "cat flag.txt" instead of "{% print(x.init.globals.builtins.import("os")["popen"]("cat flag.txt").read()) %}"... Like, how did you know that the framework is using Python? I am just a beginner in CTFs, and helping this kid out will be really appreciated :)

  1. As usual, I always try any payload such as SQLi, Command Injection, etc. And because this website is using Python, you can check this
  2. Read this
  3. Because it's an SSTI vulnerability
  4. You can check the HTTP response headers. If you find Werkzeug / Python in the response header, that means the website uses Python
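As an added example (not from the writeup or its author), a stdlib-only Python script showing the two checks behind points 1 and 4 from the defender's side: whether the Server header leaks a Werkzeug/Python stack, and whether a {{7*7}} probe seen in the access log came back evaluated as 49 instead of echoed literally. The response, log lines and version numbers are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample data (not from the writeup): one raw HTTP response from a
# Flask dev server (placeholder versions) and three Common Log Format lines.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Werkzeug/2.0.0 Python/3.9.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n\r\n"
    "<h1>Hello 49</h1>"
)
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:00:00:00 +0000] "GET /?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 17',
    '10.0.0.5 - - [01/Jan/2024:00:00:01 +0000] "GET /?name=%7B%25%20print(1)%20%25%7D HTTP/1.1" 200 17',
    '10.0.0.6 - - [01/Jan/2024:00:00:02 +0000] "GET /?name=alice HTTP/1.1" 200 17',
]
TEMPLATE_TAG = re.compile(r"\{\{.*?\}\}|\{%.*?%\}")        # {{ expr }} or {% stmt %}
ARITHMETIC_PROBE = re.compile(r"\{\{\s*(\d+)\s*\*\s*(\d+)\s*\}\}")

def server_fingerprint(raw_response: str) -> dict:
    """Parse the headers and report whether the Server header leaks a
    Python/Werkzeug stack (answer point 4); strip it at the reverse proxy."""
    head, _, body = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    server = headers.get("server", "")
    leaks = re.search(r"werkzeug|python", server, re.I) is not None
    return {"server": server, "python_stack": leaks, "body": body}

def ssti_probe_evaluated(request_url: str, response_body: str) -> bool:
    """True when a {{a*b}} probe comes back as its product (49 for {{7*7}})
    rather than as literal text: the input was compiled as template source."""
    m = ARITHMETIC_PROBE.search(unquote(request_url))
    if m is None:
        return False
    product = str(int(m.group(1)) * int(m.group(2)))
    return product in response_body and m.group(0) not in response_body

def scan_access_log(lines: list) -> list:
    """Decoded request paths that carry template tags, for alerting/WAF tuning."""
    hits = []
    for line in lines:
        path = unquote(line.split('"')[1].split(" ")[1])   # request target
        if TEMPLATE_TAG.search(path):
            hits.append(path)
    return hits
```

Pair the two checks: a leaked Werkzeug header plus a probe that came back as 49 is the signal to look for in your own traffic before someone else does.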

Alright, thanks for the help. It is clearer to me now