Does a user need to specify their projectId when calling the blueprint from the API? If you could create your own ProjectId input, then maybe that could be used for the external action. On the custom form, you can hide that one from the user and just bind it to the "real" projectId field. But when called from the API, it would have to be specified.
We do not have experience with using external actions in cloud templates directly (other than some simple testing a while back), so I am not sure if that would work in general.