zaproxy - issue #1652

Blind SQL numeric injection false positive results


Posted on May 28, 2015 by Massive Lion

It appears that ZAP scans for blind SQL inj in numeric fields using this method:

  1. Do a baseline request for the URL: ...?param=2
  2. Inject SQL query: ...?param=2 AND 1=1

If the two responses are identical then it concludes that SQL inj is possible. But sometimes a validator will strip out non-numeric content, leading to a false positive.
This can be improved by making an additional request:

  3. ...?param=2 AND 1=2
     If this returns the same response as 1 and 2, then it's likely a false positive.
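As an added illustration (not ZAP's own code), the following Python models the two-request check and the proposed three-request check against two constructed backends: one whose validator keeps only the leading integer of the parameter (the false-positive case described above), and one that actually evaluates the injected condition. The backend and check function names are hypothetical.

```python
# Added example: models the blind numeric SQLi heuristic from the issue.
# A pair of constructed in-memory "applications" stands in for real HTTP.
import re


def leading_int_app(param: str) -> str:
    """Constructed backend whose validator behaves like parseInt/atoi:
    only the leading digits reach the query, so every injected suffix is
    silently dropped and all three requests return the same page."""
    m = re.match(r"\d+", param)
    return f"item {m.group(0)}" if m else "bad id"


def naive_concat_app(param: str) -> str:
    """Constructed backend that concatenates the parameter into a WHERE
    clause; here the 'a=b' terms after AND are evaluated directly so that
    a false condition (1=2) empties the result set."""
    parts = [p.strip() for p in re.split(r"\bAND\b", param, flags=re.I)]
    row_id, conds = parts[0], parts[1:]
    for cond in conds:
        lhs, _, rhs = cond.partition("=")
        if lhs.strip() != rhs.strip():
            return "no results"
    return f"item {row_id}"


def two_request_check(app, value: str) -> bool:
    """The check as described in the report: baseline vs. 'AND 1=1'."""
    return app(value) == app(f"{value} AND 1=1")


def three_request_check(app, value: str) -> bool:
    """The proposed improvement: also send 'AND 1=2' and require that the
    false condition changes the response. If all three pages match, the
    injected text was most likely stripped, so report no injection."""
    base = app(value)
    true_resp = app(f"{value} AND 1=1")
    false_resp = app(f"{value} AND 1=2")
    if base != true_resp:
        return False  # injection already altered the page; not a match
    if false_resp == base:
        return False  # 1=2 made no difference: probable false positive
    return True


if __name__ == "__main__":
    for app in (leading_int_app, naive_concat_app):
        print(app.__name__, two_request_check(app, "2"),
              three_request_check(app, "2"))
```

Running the module prints True/False for the leading-integer backend (the old check flags it, the new one does not) and True/True for the concatenating backend.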

Comment #1

Posted on May 29, 2015 by Grumpy Rhino

(No comment was entered for this change.)

Comment #2

Posted on Jun 5, 2015 by Grumpy Rhino

ZAP has been migrated to GitHub.

This issue will be on GitHub issues with the same ID: https://github.com/zaproxy/zaproxy/issues

Status: Done

Labels:
Type-Defect Priority-Medium