[-You would be correct if-] It seems you are correct when the protocol works as described in the parent comment.
[-But it so happens that the-] Of course in OTP mode, the YubiKey protocol protects against replay attacks by using a counter on the YubiKey. This (authenticated) counter value is included in the messages that are exchanged during the authentication - and hence any replays can be detected/ignored as the counter value will be less than or equal to the last received counter value.
Edit (deletions marked with [- -]): I had no idea people used modes other than OTP with their YubiKey...
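The counter check described in the comment above, as an added example that is not part of the original thread: a verifier that authenticates each message first and then rejects any counter less than or equal to the last one accepted. The HMAC tag is a stand-in for the YubiKey's own authenticated message format, and all names (`Token`, `Verifier`, `make_tag`, `key-1`) are hypothetical.

```python
import hashlib
import hmac
import struct


def make_tag(secret: bytes, key_id: str, counter: int) -> bytes:
    # Binds the counter to the key id so neither can be altered in transit.
    msg = key_id.encode() + struct.pack(">Q", counter)
    return hmac.new(secret, msg, hashlib.sha256).digest()


class Token:
    """Constructed stand-in for the device: a secret plus a counter."""
    def __init__(self, key_id: str, secret: bytes):
        self.key_id, self.secret, self.counter = key_id, secret, 0

    def press(self):
        self.counter += 1  # every generated OTP uses a fresh, higher counter
        return self.key_id, self.counter, make_tag(self.secret, self.key_id, self.counter)


class Verifier:
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.last_seen = {key_id: 0 for key_id in secrets}

    def verify(self, key_id: str, counter: int, tag: bytes) -> str:
        secret = self.secrets.get(key_id)
        if secret is None:
            return "unknown-key"
        # Authenticate before touching state, so a forged high counter
        # cannot advance last_seen and lock out the real token.
        if not hmac.compare_digest(tag, make_tag(secret, key_id, counter)):
            return "bad-tag"
        if counter <= self.last_seen[key_id]:
            return "replay"
        self.last_seen[key_id] = counter
        return "ok"


def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    token, server = Token("key-1", secret), Verifier({"key-1": secret})
    first, second = token.press(), token.press()
    forged = (first[0], 99, first[2])  # captured tag with an altered counter
    return [server.verify(*second), server.verify(*first), server.verify(*second),
            server.verify(*forged), server.verify(*token.press())]


if __name__ == "__main__":
    print(demo())
```

An OTP captured but never submitted (`first` here) is also rejected once a later one has been accepted.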
Unfortunately parent is right. What you describe is using generated one-time passwords. But there is no way (to my knowledge) to incorporate a 2nd string into it.
Ex: right now - myPass<boop the yubikey><long password from yubikey followed by linefeed>
with otp - myPass<boop><hashed and signed one time password that knows nothing about myPass>
I should note that currently I'm thinking of migrating to OTP and using a brain-string (a password that I remember) for filevault and mac login. I will try using OTP for sudo, maybe keychain, will try to add a gpg subkey there and see how it'll go.