By skimming docs I notice that you use <%- %> tags for outputting un-escaped strings. In contrast ERB uses <%- and -%> for trimming leading and trailing whitespace of the surroundings. In security sensitive context of escaping output you might not want to appear as mimicing ERB while deviating at the same time. A user might end up using un-escaped output all over the place by accident.

But great work overall!