
fix: prevent XSS vulnerability using rehype-sanitize#398

Open
Ankana-Sadhukhan wants to merge 1 commit into AditthyaSS:main from Ankana-Sadhukhan:security/xss-html-sanitization

Ankana-Sadhukhan commented May 28, 2026
  • Install rehype-sanitize package
  • Add rehypeSanitize plugin to ReactMarkdown component
  • Automatically strips dangerous HTML (script tags, event handlers)
  • Protects users' API keys from malicious LLM outputs

Fixes: XSS vulnerability in agent output rendering
Closes #373

What does this PR do?

Adds HTML sanitization to the markdown output renderer so malicious LLM responses cannot execute scripts or event handlers in the browser.

Type of change

  • New agent
  • Bug fix
  • UI improvement
  • Docs update
  • Something else (describe below)

Checklist

For every PR:

For new agent PRs:

  • I tested the agent with a real API key
  • I created a new file in src/agents/definitions/ with the agent config
  • The agent id is lowercase and uses kebab-case (like my-agent-name)
  • The icon name is from lucide.dev/icons
  • The system prompt clearly describes the format of the output
  • This agent is not a duplicate of one that already exists

Anything else I should know?

No UI changes were made. This PR only hardens markdown rendering against malicious HTML and event-handler injection.
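
The allowlist approach that HTML sanitizers of this kind take, shown as an added example: this is a simplified, dependency-free model, not code from this PR or from rehype-sanitize. `SCHEMA`, `safeUrl`, `sanitize` and the sample tree are constructed for illustration, and the real package ships its own, larger default schema.

```javascript
// Added example: simplified allowlist sanitizer over a hast-style tree.
// SCHEMA, safeUrl, sanitize and SAMPLE_TREE are constructed for illustration.
const SCHEMA = {
  tagNames: new Set(['p', 'a', 'img', 'strong', 'em', 'code', 'pre', 'ul', 'ol', 'li']),
  attributes: { a: ['href', 'title'], img: ['src', 'alt'] },
  urlAttributes: new Set(['href', 'src']),
  protocols: new Set(['http:', 'https:', 'mailto:']),
  strip: new Set(['script', 'style']), // removed together with their contents
};

function safeUrl(value) {
  const url = String(value);
  const colon = url.indexOf(':');
  const delim = url.search(/[/?#]/);
  // No colon, or a colon only after a path/query/fragment delimiter: relative URL.
  if (colon === -1 || (delim !== -1 && delim < colon)) return true;
  // Otherwise everything up to the first colon must be exactly an allowed scheme.
  return SCHEMA.protocols.has(url.slice(0, colon + 1).toLowerCase());
}

// Returns an array so that a node can be dropped ([]) or replaced by its children.
function sanitize(node) {
  if (node.type === 'text') return [{ type: 'text', value: String(node.value) }];
  const children = (node.children || []).flatMap((child) => sanitize(child));
  if (node.type === 'root') return [{ type: 'root', children }];
  if (node.type !== 'element' || SCHEMA.strip.has(node.tagName)) return [];
  if (!SCHEMA.tagNames.has(node.tagName)) return children; // unwrap unknown elements
  const properties = {};
  for (const name of SCHEMA.attributes[node.tagName] || []) {
    const value = (node.properties || {})[name];
    if (value === undefined) continue;
    if (SCHEMA.urlAttributes.has(name) && !safeUrl(value)) continue;
    properties[name] = value; // only allowlisted names are copied; handlers never are
  }
  return [{ type: 'element', tagName: node.tagName, properties, children }];
}

// Constructed sample: the tree an HTML parser could produce from untrusted model output.
const text = (value) => ({ type: 'text', value });
const el = (tagName, properties, children = []) => ({ type: 'element', tagName, properties, children });
const SAMPLE_TREE = { type: 'root', children: [
  el('p', {}, [text('Summary')]),
  el('script', {}, [text('placeholder()')]),
  el('img', { src: 'chart.png', alt: 'chart', onError: 'placeholder()' }),
  el('a', { href: 'javascript:void(0)', title: 't' }, [text('link')]),
] };
const CLEAN_TREE = sanitize(SAMPLE_TREE)[0];
console.log(JSON.stringify(CLEAN_TREE, null, 2));
```

Because attributes are copied by name from the allowlist rather than filtered by a blocklist, an event-handler attribute the schema has never heard of is still dropped.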

vercel Bot commented May 28, 2026

@Ankana-Sadhukhan is attempting to deploy a commit to the aditthyass' projects Team on Vercel.

A member of the Team first needs to authorize it.

mergify Bot commented May 28, 2026

Hey @Ankana-Sadhukhan! 👋
Wow — your first contribution to iloveAgents! This is a big deal and I want you to know it means a lot. 🎊
Every agent on this platform started exactly like this — someone like you deciding to spend their time building something useful for everyone. That is something to be proud of.
A few things while you wait for the review:

  • Star the repo if you haven't already. Star it here
  • 📖 Check the Contributing Guide
  • 💬 Drop a comment if you get stuck — I reply within 24 hours

Can't wait to ship this with you. 🚀
Welcome to the iloveAgents family. 🙏
@AditthyaSS

mergify Bot commented Jun 4, 2026

hey @Ankana-Sadhukhan! 👋
Your PR title doesn't follow our required format.
Please update it to:
type: short description
Valid types: feat, fix, docs, style, refactor, test, chore
Example: feat: add sales discovery agent
@AditthyaSS

mergify Bot added the needs-fix label Jun 4, 2026

mergify Bot commented Jun 4, 2026

hey @Ankana-Sadhukhan! 👋
Your PR doesn't seem to be linked to an issue.
Please add this line to your PR description:
Closes #issue_number
Replace issue_number with the actual issue number you are solving.
This helps us track what each PR is fixing! 🔗
@AditthyaSS

Ankana-Sadhukhan changed the title from "[SECURITY] Fix XSS vulnerability by adding rehype-sanitize" to "fix: prevent XSS vulnerability using rehype-sanitize" Jun 4, 2026

@Ankana-Sadhukhan (Contributor Author)

Hi @AditthyaSS,

I have updated the PR title according to the project guidelines and linked the PR to Issue #373 using "Closes #373".

Kindly review it and let me know if any further changes are required.

Thank you!

mergify Bot added type:bug Something isn't working type:design bug fix UI labels Jun 6, 2026

Development

Successfully merging this pull request may close these issues.

[Security]: Sanitize Markdown Output to Prevent XSS Attacks

2 participants