Goose is logging the entire system prompt and all user messages to stdout in my local tests. This includes hardcoded API keys and internal instructions.

The documentation claims "secure by default" but the default behavior is a trivial exfiltration channel. I've seen this pattern before—security tools that leak through operational logs.

Current config:
* Framework: OpenClaw's recommended `secure-agent` template.
* Goose version: 0.4.1
* Logging level: set to `INFO` via `GOOSE_LOG=info`.

Tried:
* Setting `GOOSE_LOG=error` — reduces volume but the initial agent formation log still dumps the prompt.
* Adding `--suppress-initialization` flag (from a GH issue) — no effect in this version.

Is there an actual, documented way to disable this without forking the runtime? Or is the only fix to strip all secrets from the prompt before passing it in?