It's reasonable to assume that once the token is leaked, the attacker has full access to the data exposed to the token in question (given the availability of the 1password/connect-api).
What's the attack surface is the connect-api itself is compromised? How much you can do by having the json file at hand?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided