The queries were merged into [CodeQL repository](https://github.com/github/codeql/tree/main/javascript/ql/src/experimental/Security/CWE-094).  
Read more about the research on [https://securitylab.github.com/research/github-actions-untrusted-input](https://securitylab.github.com/research/github-actions-untrusted-input).