From 0f5ac68b92319b7fcc4c49625d1acd845bf87b13 Mon Sep 17 00:00:00 2001
From: Nick Tindle
Date: Thu, 5 Feb 2026 22:15:28 -0600
Subject: [PATCH] fix: add virus scanning to WorkspaceManager.write_file()

Defense in depth - scan content at the persistence layer regardless of caller. Previously scanning was only at entry points (store_media_file, WriteWorkspaceFileTool), which created a trust boundary.
Closes OPEN-2993
---
 autogpt_platform/backend/backend/util/workspace.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/autogpt_platform/backend/backend/util/workspace.py b/autogpt_platform/backend/backend/util/workspace.py
index a2f1a61b9e..86413b640a 100644
--- a/autogpt_platform/backend/backend/util/workspace.py
+++ b/autogpt_platform/backend/backend/util/workspace.py
@@ -22,6 +22,7 @@ from backend.data.workspace import (
 soft_delete_workspace_file,
 )
 from backend.util.settings import Config
+from backend.util.virus_scanner import scan_content_safe
 from backend.util.workspace_storage import compute_file_checksum, get_workspace_storage

 logger = logging.getLogger(__name__)
@@ -187,6 +188,9 @@ class WorkspaceManager:
 f"{Config().max_file_size_mb}MB limit"
 )

+ # Virus scan content before persisting (defense in depth)
+ await scan_content_safe(content, filename=filename)
+
 # Determine path with session scoping
 if path is None:
 path = f"/{filename}"
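Review bot: The new `await scan_content_safe(content, filename=filename)` call in write_file gives every caller a failure path that nothing visible documents or tests: the diffstat shows only workspace.py changing, so neither the method's docstring nor a test records what is raised on a detection, or what happens when the scanner is unreachable or disabled. Since this is now the last check before persistence, whether the call fails closed matters more here than at the entry points; it is worth confirming in virus_scanner and stating in the comment, e.g. `# Scan before any storage or DB write; raises on detection and on scanner failure (confirm fail-closed)`. A test that stubs the scanner to raise and asserts that no storage write happened would pin the ordering. Callers that already scan (store_media_file and WriteWorkspaceFileTool, per the commit message) will now scan the same bytes twice, which may be worth noting for files near the size limit. write_file's body starts and ends outside the hunk.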