I have started playing with opencode and will definitely be looking at what tools I can use to do a security audit.

Did you use a specific model?