fix: address Copilot review round 10 findings

- Fix re.sub in update_file() to use a lambda replacement function
  instead of a replacement string, preventing backslash/group-reference
  corruption in generated table content
- Add _escape_cell() helper to escape pipe characters and collapse
  newlines in markdown table cells from user-submitted data
- Remove unused imports (ipaddress, sys, types) from test module
- Add scripts_count validation for preset submissions (non-negative
  integer when provided)
- Remove stale catalog-table-start/end markers from README.md since
  the extension workflow does not regenerate this table (catalog JSON
  lacks category/effect fields)

Author: mnriem

.github/scripts/catalog-generate-table.py

@@ -60,6 +60,11 @@ def _requires_str_preset(requires: dict) -> str:
     return "—"
 
 
+def _escape_cell(value: str) -> str:
+    """Escape pipe characters and collapse whitespace for markdown table cells."""
+    return value.replace("|", "\\|").replace("\n", " ").replace("\r", "").strip()
+
+
 def build_preset_table(catalog: dict) -> str:
     """Build a markdown table for presets."""
     entries = catalog.get("presets", {})
@@ -69,8 +74,8 @@ def build_preset_table(catalog: dict) -> str:
 
     for _id in sorted(entries):
         e = entries[_id]
-        name = e.get("name", _id)
-        desc = e.get("description", "")
+        name = _escape_cell(e.get("name", _id))
+        desc = _escape_cell(e.get("description", ""))
         provides = _provides_str_preset(e.get("provides", {}))
         requires = _requires_str_preset(e.get("requires", {}))
         repo_url = e.get("repository", "")
@@ -103,12 +108,12 @@ def build_extension_table(catalog: dict) -> str:
 
     for _id in sorted(entries):
         e = entries[_id]
-        name = e.get("name", _id)
-        desc = e.get("description", "")
-        category = e.get("category", "")
+        name = _escape_cell(e.get("name", _id))
+        desc = _escape_cell(e.get("description", ""))
+        category = _escape_cell(e.get("category", ""))
         if category:
             category = f"`{category}`"
-        effect = e.get("effect", "")
+        effect = _escape_cell(e.get("effect", ""))
         repo_url = e.get("repository", "")
         repo_name = _repo_display_name(repo_url)
         lines.append(
@@ -141,7 +146,7 @@ def update_file(path: Path, table: str) -> bool:
     if not pattern.search(content):
         return False
 
-    new_content = pattern.sub(rf"\1\n{table}\n\2", content)
+    new_content = pattern.sub(lambda m: f"{m.group(1)}\n{table}\n{m.group(2)}", content)
 
     if new_content != content:
         path.write_text(new_content)

.github/scripts/catalog-validate.py

@@ -544,6 +544,14 @@ def _add(field: str, ok: bool, msg: str, *, severity: str = "error") -> None:
             _add("Preset Provides", False,
                  "At least one of Templates Provided or Commands Provided is required.")
         # Commands Provided is optional for presets
+        # Validate scripts count if provided
+        scripts_val = fields.get("scripts_count", "").strip()
+        if scripts_val:
+            if not scripts_val.isdigit():
+                _add("Number of Scripts", False,
+                     f"Number of Scripts `{scripts_val}` must be a non-negative integer.")
+            else:
+                _add("Number of Scripts", True, f"Scripts count: {scripts_val}.")
 
     # --- Tags ---
     ok, msg = validate_tags(fields.get("tags", ""))

README.md

@@ -193,7 +193,6 @@ The following community-contributed extensions are available in [`catalog.commun
 - `Read-only` — produces reports without modifying files
 - `Read+Write` — modifies files, creates artifacts, or updates specs
 
-<!-- catalog-table-start -->
 | Extension | Purpose | Category | Effect | URL |
 |-----------|---------|----------|--------|-----|
 | Agent Assign | Assign specialized Claude Code agents to spec-kit tasks for targeted execution | `process` | Read+Write | [spec-kit-agent-assign](https://github.com/xymelon/spec-kit-agent-assign) |
@@ -275,7 +274,6 @@ The following community-contributed extensions are available in [`catalog.commun
 | Wireframe Visual Feedback Loop | SVG wireframe generation, review, and sign-off for spec-driven development. Approved wireframes become spec constraints honored by /speckit.plan, /speckit.tasks, and /speckit.implement | `visibility` | Read+Write | [spec-kit-extension-wireframe](https://github.com/TortoiseWolfe/spec-kit-extension-wireframe) |
 | Worktree Isolation | Spawn isolated git worktrees for parallel feature development without checkout switching | `process` | Read+Write | [spec-kit-worktree](https://github.com/Quratulain-bilal/spec-kit-worktree) |
 | Worktrees | Default-on worktree isolation for parallel agents — sibling or nested layout | `process` | Read+Write | [spec-kit-worktree-parallel](https://github.com/dango85/spec-kit-worktree-parallel) |
-<!-- catalog-table-end -->
 
 To submit your own extension, see the [Extension Publishing Guide](extensions/EXTENSION-PUBLISHING-GUIDE.md).
 

tests/test_catalog_validate.py

@@ -3,9 +3,6 @@
 from __future__ import annotations
 
 import importlib
-import ipaddress
-import sys
-import types
 from pathlib import Path
 from unittest.mock import patch