Does it make sense to sanitize the output of an SVG file?

It’s not completely pointless, but probably smart to sanitize, because of the following situations:

  1. What’s the certainty that the SVGs only come from you directly?
  2. Can you guarantee that the SVGs won’t be intercepted during upload?

Redundancies for keeping your site secure are generally recommended.

I don’t know that wp_kses() is the best for sanitizing SVGs though. I’d reference Safe SVG and see how that sanitizes.

tech