Since it isn't included in a default query suite, try adding it directly to your codeql-init action's options:

 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
 packs: codeql/java-queries:Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql

Note that if you're using a matrix build for multiple languages, you might need to set this in the matrix specification and use this instead, similar to how matrix builds usually treat the languages option:

 with:
 packs: ${{ matrix.packs }}