Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

wenmin-wu/llm-structured-output-sanitization

Name: llm-structured-output-sanitization
Author: wenmin-wu

skills/llm/structured-output-sanitization/SKILL.md

npx skillsauth add wenmin-wu/ds-skills llm-structured-output-sanitization

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Structured Output Sanitization

Overview

Even with constrained prompts, LLMs produce invalid or disallowed markup — extra attributes, unsupported elements, malformed path data. Post-generation sanitization parses the output as XML, walks the tree, removes anything not in an allowlist, validates structural properties (e.g., SVG path d attribute syntax), and serializes the cleaned result. This is the defense-in-depth complement to prompt-level constraints: the prompt reduces violations, sanitization eliminates them.

Quick Start

from lxml import etree
import re

ALLOWED = {
    'svg': {'viewBox', 'width', 'height', 'xmlns'},
    'circle': {'cx', 'cy', 'r', 'fill', 'stroke'},
    'rect': {'x', 'y', 'width', 'height', 'fill', 'stroke'},
    'path': {'d', 'fill', 'stroke', 'stroke-width'},
    'common': {'transform', 'opacity'},
}
PATH_RE = re.compile(r'^[MmLlHhVvCcSsQqTtAaZz0-9\s,.\-eE]+$')

def sanitize_svg(svg_string):
    parser = etree.XMLParser(remove_blank_text=True, remove_comments=True)
    root = etree.fromstring(svg_string.encode(), parser=parser)
    to_remove = []
    for el in root.iter():
        tag = etree.QName(el.tag).localname
        if tag not in ALLOWED:
            to_remove.append(el); continue
        allowed_attrs = ALLOWED[tag] | ALLOWED.get('common', set())
        for attr in list(el.attrib):
            if etree.QName(attr).localname not in allowed_attrs:
                del el.attrib[attr]
        if tag == 'path' and not PATH_RE.match(el.get('d', '')):
            to_remove.append(el)
    for el in to_remove:
        if el.getparent() is not None:
            el.getparent().remove(el)
    return etree.tostring(root, encoding='unicode')

Workflow

Parse LLM output as XML with lxml (lenient parser)
Walk the element tree
Remove elements not in the allowlist
Strip disallowed attributes from remaining elements
Validate structural constraints (path syntax, attribute formats)
Serialize cleaned tree back to string

Key Decisions

lxml over regex: Tree-walking is robust to nesting; regex breaks on complex markup
Fail gracefully: If parsing fails entirely, return a safe default
Path validation: SVG paths with invalid d data crash renderers — validate or remove
Generalizes to: HTML sanitization (XSS prevention), XML config validation

References

Drawing with LLMs - Getting Started with Gemma 2

wenmin-wu/llm-structured-output-sanitization

skills/llm/structured-output-sanitization/SKILL.md

Parses LLM-generated markup (SVG, HTML, XML) with lxml, strips disallowed elements and attributes via an allowlist, and validates structural constraints like path data.

24 stars

development

Updated Apr 18, 2026

$ install --global

skillsauth

npx skillsauth add wenmin-wu/ds-skills llm-structured-output-sanitization

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 18, 2026, 3:29 AM41.6s1 file scanned

SKILL.md

name:: llm-structured-output-sanitization
description:: >

Structured Output Sanitization

Overview

Quick Start

from lxml import etree
import re

ALLOWED = {
    'svg': {'viewBox', 'width', 'height', 'xmlns'},
    'circle': {'cx', 'cy', 'r', 'fill', 'stroke'},
    'rect': {'x', 'y', 'width', 'height', 'fill', 'stroke'},
    'path': {'d', 'fill', 'stroke', 'stroke-width'},
    'common': {'transform', 'opacity'},
}
PATH_RE = re.compile(r'^[MmLlHhVvCcSsQqTtAaZz0-9\s,.\-eE]+$')

def sanitize_svg(svg_string):
    parser = etree.XMLParser(remove_blank_text=True, remove_comments=True)
    root = etree.fromstring(svg_string.encode(), parser=parser)
    to_remove = []
    for el in root.iter():
        tag = etree.QName(el.tag).localname
        if tag not in ALLOWED:
            to_remove.append(el); continue
        allowed_attrs = ALLOWED[tag] | ALLOWED.get('common', set())
        for attr in list(el.attrib):
            if etree.QName(attr).localname not in allowed_attrs:
                del el.attrib[attr]
        if tag == 'path' and not PATH_RE.match(el.get('d', '')):
            to_remove.append(el)
    for el in to_remove:
        if el.getparent() is not None:
            el.getparent().remove(el)
    return etree.tostring(root, encoding='unicode')

Workflow

Parse LLM output as XML with lxml (lenient parser)
Walk the element tree
Remove elements not in the allowlist
Strip disallowed attributes from remaining elements
Validate structural constraints (path syntax, attribute formats)
Serialize cleaned tree back to string

Key Decisions

lxml over regex: Tree-walking is robust to nesting; regex breaks on complex markup
Fail gracefully: If parsing fails entirely, return a safe default
Path validation: SVG paths with invalid d data crash renderers — validate or remove
Generalizes to: HTML sanitization (XSS prevention), XML config validation

References

Drawing with LLMs - Getting Started with Gemma 2

Related Skills

wenmin-wu/timeseries-scaled-pinball-loss

data-ai

VerifiedTrustedCommunity

Scaled Pinball Loss (SPL) metric for evaluating quantile forecasts, normalized by mean absolute successive differences of training data

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-scaled-pinball-loss

wenmin-wu/timeseries-retroactive-outlier-rescaling

data-ai

VerifiedTrustedCommunity

Walk backward through a time series and multiplicatively rescale segments when jumps exceed a fraction of the running mean to correct data collection anomalies

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-retroactive-outlier-rescaling

wenmin-wu/timeseries-ratio-target-for-smape

testing

VerifiedTrustedCommunity

Transform forecasting target to next/current ratio minus one so that optimizing MAE or squared error implicitly minimizes SMAPE

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-ratio-target-for-smape

wenmin-wu/timeseries-quantile-ratio-scaling

tools

VerifiedTrustedCommunity

Convert point forecasts to prediction intervals by scaling with logit-transformed quantile ratios passed through a Normal CDF

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-quantile-ratio-scaling

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/wenmin-wu/ds-skills.git

# Copy into Claude Code skills folder (global)
cp -r ds-skills/skills/llm/structured-output-sanitization ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

wenmin-wu/ds-skills

24 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT