From 564a99eba849a3b3a95e99fe1380b8215c381118 Mon Sep 17 00:00:00 2001
From: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
Date: Mon, 2 Feb 2026 15:39:54 +0900
Subject: [PATCH] Potential fix for code scanning alert no. 49: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../declarative/agent_framework_declarative/_models.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/python/packages/declarative/agent_framework_declarative/_models.py b/python/packages/declarative/agent_framework_declarative/_models.py
index 0132590a1c..3066848927 100644
--- a/python/packages/declarative/agent_framework_declarative/_models.py
+++ b/python/packages/declarative/agent_framework_declarative/_models.py
@@ -39,7 +39,7 @@ def _try_powerfx_eval(value: str | None, log_value: bool = True) -> str | None:
 Args:
 value: The value to check.
- log_value: Whether to log the full value on error or just a snippet.
+ log_value: Whether to log additional context on error.
 """
 if value is None:
 return value
@@ -59,9 +59,9 @@ def _try_powerfx_eval(value: str | None, log_value: bool = True) -> str | None:
 return engine.eval(value[1:], symbols={"Env": dict(os.environ)})
 except Exception as exc:
 if log_value:
- logger.debug(f"PowerFx evaluation failed for value '{value}': {exc}")
+ logger.debug("PowerFx evaluation failed for a value: %s", exc)
 else:
- logger.debug(f"PowerFx evaluation failed for value (first five characters shown) '{value[:5]}': {exc}")
+ logger.debug("PowerFx evaluation failed for a value (details redacted): %s", exc)
 return value
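Review bot: The reworded `log_value` docstring in the first hunk promises "additional context on error", but after the second hunk both branches log only the exception and differ just in their fixed message text, so the flag no longer controls what is disclosed. Either collapse the `if log_value:`/`else:` pair into a single `logger.debug("PowerFx evaluation failed for a value: %s", exc)` call, or keep the parameter for interface compatibility and say so, for example `log_value: Retained for backward compatibility; the value itself is never logged.` The body of `_try_powerfx_eval` starts and ends outside both hunks, so callers that pass `log_value=False` for secret-bearing fields are not visible here.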
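Review bot: `exc` is still interpolated into both new debug messages in the second hunk, and the exception text raised by `engine.eval` may itself echo the expression or values from the `Env` symbols built from `os.environ` on the context line above. If that is the case, the clear-text exposure the code scanning alert targets would persist at debug level even though `value` is no longer formatted directly. Consider logging only the exception class, `logger.debug("PowerFx evaluation failed: %s", type(exc).__name__)`, unless the engine's error messages are confirmed not to contain input. This is inferred, since the engine's error format is not visible in the hunk.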