How are you storing the password for SFTP? Are you hardcoding it in package? If yes, it wont be able to read it unless you set correct password in sql server agent for package which you gave during development
The ideal way to do it is to create a variable to store it and create the script file for WinSCP dyamically using it Then make it a configuration item and then set values correctly in config file, either XML or sql server table
thats because of your packages protection level. The best method is what I suggested as I've shown in the link so that its independent of your packages protection level property. Did you try it at all?