Second, your adversary gets to study your algorithm and hand you a dastardly clever 'coin'. [0]
Third, your algorithm runs, but has access to a second unbiased source of randomness. [1]
Under those circumstances, your algorithm has a chance!
Basically, you use your extra source of randomness to create a secret key; then use that key to encrypt your adversary's bit-stream from their "coin". If your encryption algorithm has 'ciphertext indistinguishability under chosen-plaintext attack' https://en.wikipedia.org/wiki/Chosen-plaintext_attack this scheme should roughly work, unless your attacker has exponentially more computing power than you do.
[0] To make the challenge fair, assume that our adversary has an obligation to put at least a bit of entropy into their "coin". Eg by having an unrelated third-party pick an arbitrary bit-stream that our adversary has to transmit via their "coin". How the adversary encodes that is up to them; and they can be as wasteful as they like. They just have to be able to decode it, too.
[1] You have to use that source sparingly to make it a challenge.
1) If you expected the filter algorithm to detect and warn on bad/malicious randomness, this doesn't work
2) More importantly, if you have a CSPRNG and a source of randomness as part of your filter you can simply throw away the "coin" because just implemented your own RNG.
I don't expect (1). For (2), yes, it's essentially that; but you add some extra mechanisms around to make use of any entropy sources you can find, even if some of them are tainted.
Basically what /dev/random does in Linux: they still use the potentially tainted 'coins' despite having a CSPRNG.
If your adversary knows your secret state, they can tailor their to-be-XOR-ed data to steer your state wherever they want to.
The threat model where this is realistic is when your adversary built your hardware random number generator that you use to add entropy to your pool. (And that's assuming that this piece of hardware can see the other entropy sources that go into your pool, but can not directly exfiltrate that information into the outside world.)
Look at the following setup:
First, you pick a cleanup/filter algorithm.
Second, your adversary gets to study your algorithm and hand you a dastardly clever 'coin'. [0]
Third, your algorithm runs, but has access to a second unbiased source of randomness. [1]
Under those circumstances, your algorithm has a chance!
Basically, you use your extra source of randomness to create a secret key; then use that key to encrypt your adversary's bit-stream from their "coin". If your encryption algorithm has 'ciphertext indistinguishability under chosen-plaintext attack' https://en.wikipedia.org/wiki/Chosen-plaintext_attack this scheme should roughly work, unless your attacker has exponentially more computing power than you do.
[0] To make the challenge fair, assume that our adversary has an obligation to put at least a bit of entropy into their "coin". Eg by having an unrelated third-party pick an arbitrary bit-stream that our adversary has to transmit via their "coin". How the adversary encodes that is up to them; and they can be as wasteful as they like. They just have to be able to decode it, too.
[1] You have to use that source sparingly to make it a challenge.