Is passing a list as a bound variable safe from SQL injection?
| From | W. Matthew Wilson |
|---|---|
| Subject | Is passing a list as a bound variable safe from SQL injection? |
| Date | |
| Msg-id | CAGHfCUD2sNRXQYEzPXq=nh3++b4_tm6dpnqrfq0dS1fru3xEew@mail.gmail.com |
| Responses | Re: Is passing a list as a bound variable safe from SQL injection? |
| List | psycopg |
Here's the python code:
cursor.execute(textwrap.dedent("""
select *
from bundles
where bundle_id = any(%(list_of_bundle_ids))
"""), {'list_of_bundle_ids': [2,3,4,5,6,7]})
Is there more of a risk of SQL injection here by passing in a list of integers like this?
Also, is there some simple way I can pass in a list of strings that could be converted to integers, like this:
["2", "33", "444"]
When I tried passing a list containing a string, I got an "operator does not exist" error.
Finally, I feel like recently I read a blog post that described how using "= any(array[...])" was much slower than using some other approach.
But now I can't find that blog post, and I don't remember the other approach. Any ideas?
Thanks for the help!
Matt
W. Matthew Wilson
matt@tplus1.com
http://tplus1.com
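As an added example (not part of the message above), the following Python shows the pattern the question is about. The list is handed to the driver as one bound parameter, so psycopg2 renders it as an ARRAY[...] literal with every element escaped and the values never become SQL text; that is what makes the `= any(%(ids)s)` form safe regardless of where the integers come from. A list of digit strings is coerced to integers in Python before binding, because binding the strings as they are makes psycopg2 send a text[] and PostgreSQL answers "operator does not exist: integer = text", which is the error reported in the question. A portable `in (%s, %s, ...)` form with one placeholder per value is shown alongside. No PostgreSQL server is available here, so the `in` form is executed against an in-memory SQLite table; the `bundles` table, its columns and the sample rows are assumptions, and the `%s` to `?` swap only adapts the placeholder style for SQLite.

```python
import re
import sqlite3

# Strict integer syntax: no whitespace, sign-only or underscore forms that int() would accept.
_INT_RE = re.compile(r"^-?[0-9]+$")


def coerce_int_list(values):
    """Turn a list of ints or digit strings such as ["2", "33", "444"] into a list of ints.

    Anything that is not an integer raises ValueError in Python, before the query is built.
    Binding the raw strings would make psycopg2 send ARRAY['2','33','444'] (a text[]),
    which PostgreSQL rejects with "operator does not exist: integer = text".
    """
    out = []
    for v in values:
        if isinstance(v, bool):  # bool is a subclass of int; reject it explicitly
            raise ValueError(f"not an integer: {v!r}")
        if isinstance(v, int):
            out.append(v)
        elif isinstance(v, str) and _INT_RE.match(v):
            out.append(int(v))
        else:
            raise ValueError(f"not an integer: {v!r}")
    return out


def bundles_by_any(ids):
    """psycopg2 form: the whole list is one bound parameter (assumed table/column names).

    psycopg2 adapts a Python list to an ARRAY[...] literal and escapes each element,
    so the values are data, never SQL text. Returns (sql, params) for cursor.execute().
    """
    sql = "select * from bundles where bundle_id = any(%(ids)s) order by bundle_id"
    return sql, {"ids": coerce_int_list(ids)}


def bundles_by_in(ids):
    """Portable alternative: one placeholder per value, bundle_id in (%s, %s, ...).

    The placeholders are generated from the count only; the values are still bound.
    An empty list would produce the invalid "in ()", so it becomes a query matching nothing.
    """
    ints = coerce_int_list(ids)
    if not ints:
        return "select * from bundles where 1 = 0", ()
    placeholders = ", ".join(["%s"] * len(ints))
    sql = f"select * from bundles where bundle_id in ({placeholders}) order by bundle_id"
    return sql, tuple(ints)


# Constructed sample rows standing in for the real bundles table (assumed columns).
SAMPLE_BUNDLES = [(1, "alpha"), (2, "beta"), (3, "gamma"), (5, "epsilon"), (7, "eta")]


def lookup_with_sqlite(ids):
    """Run the IN form against an in-memory SQLite table as a stand-in for PostgreSQL.

    SQLite uses ? placeholders, so the psycopg2-style %s are swapped for ? before
    executing; the parameters are still passed separately, never spliced into the SQL.
    """
    sql, params = bundles_by_in(ids)
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("create table bundles (bundle_id integer primary key, name text)")
        conn.executemany("insert into bundles values (?, ?)", SAMPLE_BUNDLES)
        return conn.execute(sql.replace("%s", "?"), params).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print(lookup_with_sqlite(["2", "33", "444", "5", "7"]))  # [(2, 'beta'), (5, 'epsilon'), (7, 'eta')]
    try:
        coerce_int_list(["1) or 1=1 --"])  # an injection attempt never reaches the database
    except ValueError as exc:
        print("rejected:", exc)
```

If the conversion should happen on the server instead, PostgreSQL will cast a bound text array itself when the placeholder is written as `any(%(ids)s::int[])`; the Python-side check is still worth keeping because it fails early with a clear error. Which of the `= any(...)` and `in (...)` forms runs faster depends on the planner and the number of values, and this example does not settle that question.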