It is possible to inject data while encoding json when a string is passed to the indent argument. 

Here is an example of an injection attack.

```python
import json

data = {"a": "original data"}
indent = '"b": "injected data",\n'
json_string = json.dumps(data, indent=indent)
print(json_string)
```

Output:
```
{
"b": "injected data",
"a": "original data"
}
```

This is a vulnerability because it is common for CLI and web frameworks to use string as the default data type for arguments. The vulnerability is more likely to be realized for CLI applications where there is more likely to be a use case for exposing the indent parameter to external users in order to control the json output. While this could be prevented by the application using the json encoder, the potential attach vector is not obvious or clear to developers. I cannot see any use case for allowing strings to be passed as indent, so I propose that indent is cast to integer on __init__ of the encoder. I will submit a corresponding PR.

The code works as expected. I do not think there is a problem with the json module. If some application accepts user input and use it without validation to control the formatting of sensitive data, it is a vulnerability in this application, not in tools which it uses.

Sounds good. If this is the design intent, then we can close the issue.