It's likely that you won't be able to update or 'flash' anything useful this way anyway since the update itself can be pre-loaded into flash but then has to be executed by the PSP. That is also the reason you can't switch architectures without an old CPU since the new CPU won't be able to start without the update, and without an update it can't perform a normal flash.
Flashing directly over SPI is a bad idea too since 10 years on modern platforms because flash memory essentially has a filesystem that contains many things to make your system work like configuration data specific to your own system, signatures, firmwares for the ECs, PSP, Ethernet controllers, USB controllers, microcode patches, and the initial loaded firmware for the CPU itself. If you just wipe whatever you have and dump whatever someone else had into your flash chip you essentially cloned their board. So you get their MAC address, their serial numbers, their UUID etc. If that's not a problem then you can just clone it. Keep in mind that very recent boards also lock the chips together, so if your CPU was bound to your digital signature and you flash someone else's firmware your CPU will never start.
The capsule files and all other packaged updates aren't full "dump everything in the flash chip" updates, they don't need to be. Most updates only contain a bit of an UEFI update, mostly DXE and sometimes PEI. Then there are microcode updates that are added in, same as PSP code and sometimes updates to the EC firmware. Only the DXE and PEI updates are 'visible' to the user where a DOS-based, EFI-based or in-firmware based tool will show you a 'progress bar' etc. Everything else is done silently. A CAP file (and most other update files) aren't just "the rom and some extra bits". It does contain a flash filesystem and header, but it also contains instructions for the update code to what parts of the flash can be updated and with which sections of the update file that was supposed to happen. Sometimes they do silly things like first reading most DMI data, then flashing DMI and other parts, and then writing the DMI data back, generating a new checksum and if they are really dumb, generating a new signature.
Instead of trying to 'hack' things, just get an old CPU on loan somewhere.