There is a public getForm method that can be used to access the CAPTCHA's HTML. However, there is not a clean way to access the associated modules. Currently, they are added directly to the OutputPage passed in. However, this makes it hard to pull them out, causing issues (see e.g. T140472: Flow: Update to stop using buildCssLinks and for related ConfirmEdit change).
I suggest we should remove the OutputPage parameter. We can use an associative array like https://github.com/wikimedia/mediawiki/blob/master/includes/api/ApiParse.php#L374-L386 (plus a key for the HTML itself).
This would be a breaking change, and require callers to register the modules themselves.