Ssd 3
High
- Confidence
- 99% confidence
- Finding
- The skill explicitly instructs storing and reusing plaintext usernames and passwords in `~/.publisher/config.json`, and to refresh tokens by logging in again from those stored credentials. Persisting reusable secrets in plaintext materially increases the risk of credential theft from local compromise, backups, logs, or other processes with filesystem access, especially because the same credentials authorize remote publishing actions.
