{"title":"Agent Output Escaping & Encoding","region":"Global","category":"Engineering","description":"Ensure agent-generated content is safe for the downstream UI or system execution by preventing script execution.","lastUpdated":"2026-02-26","steps":["HTML-escape all agent output before rendering in a web browser (Prevent XSS).","Validate and JSON-encode data intended for downstream API consumption.","Sanitize Markdown syntax to prevent unauthorized image or link hijacking.","Enforce UTF-8 character encoding consistency across all output channels.","Mask PII or sensitive secrets in logs while preserving the user-facing output.","Verify output length and structure against the 'Definition of Done' contract."],"url":"https://checklist.day/agent-output-escaping-and-encoding-guardrails"}