fix(discovery): _table_cell escapes backslashes before pipes

Mirrors node-commerce CodeQL fix. Prior implementation escaped \`|\` but not
\`\\\`, so an input like \`a\\|b\` rendered as literal-backslash + cell-terminator
— breaking the markdown table row.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: vvillait88

agentscore_commerce/discovery/skill_md.py

@@ -214,8 +214,12 @@ def _quote_yaml(value: str) -> str:
 
 
 def _table_cell(value: str) -> str:
-    """Sanitize a string for a markdown table cell — pipes break the row."""
-    return value.replace("|", "\\|")
+    r"""Sanitize a string for a markdown table cell.
+
+    Escape backslashes first (so existing ``\\`` aren't treated as escapes), then escape
+    pipes (which would otherwise terminate the cell).
+    """
+    return value.replace("\\", "\\\\").replace("|", "\\|")
 
 
 def _frontmatter(input: BuildSkillMdInput) -> str:

tests/test_skill_md.py

@@ -210,6 +210,14 @@ def test_escapes_pipes_in_files(self) -> None:
         out = build_skill_md(cfg)
         assert "| a\\|b | `https://x.example/foo\\|bar` |" in out
 
+    def test_escapes_backslashes_before_pipes(self) -> None:
+        """Backslashes must escape first, otherwise existing `\\` consumes the pipe escape."""
+        cfg = _base()
+        cfg.files = [SkillMdLink(label="a\\|b", url="https://x.example/c\\d")]
+        out = build_skill_md(cfg)
+        # Backslash → `\\`, then pipe → `\|`. Combined for `a\|b`: `a\\\|b`.
+        assert "| a\\\\\\|b | `https://x.example/c\\\\d` |" in out
+
 
 class TestPaymentSection:
     def test_renders_one_row_per_rail(self) -> None: