Two main ways: first, as I said in my original comment, you don't reveal the key when you use a passkey. So at worst a phisher might be able to get you to sign a challenge that they are facing to get into your account once, but they would not be able to re-use your credentials to get in again or to get into another site. And second, in a proper implementation you would have a separate key for every site you want to authenticate to, so a phisher would not have to merely phish you, they would have to mount an MITM attack on an HTTPS session (or find some other way to impersonate the site they are trying to phish your credentials for). That's not impossible, but it's orders of magnitude harder than impersonating a site through a typosquatting attack.
So, it really doesn’t prevent phishing. If you can get someone to give you their password, you can probably get them to click approve. The real benefit is to the service provider, not having to worry about leaking a secret if they get compromised.
They would have to get you to install a malicious version of your web browser and/or passkey manager, as all legitimate implementations enforce having the correct TLS domain, which is significantly harder than getting you to visit a random URL.
It depends on the type of attack being mounted, but a typical phishing attack is mounted as a MITM attack. With passkeys, a MITM cannot get the client to even ask the user to approve the transaction because the attacker cannot authenticate as the relying party.
You can attack passkeys by, say, compromising the user's machine, but that's not phishing.
If you got tricked into logging into goggle.com or something the FIDO2 auth would fail because a) the URL would not match the credential metadata and b) the resulting assertion, a signature over data which includes the URL, would not be valid (google.com would not accept it).
"Hi, this is Bob from blah support, we need to confirm your account is a correct. When prompted please confirm to give us access". if someone is dumb enough to hand out a password, they are dumb enough to click approve. Phishing is a social attack, not a technical attack.
Your passkey provider will simply refuse to show that it has a credential for Bob's phishing convincing phishing site. RP challenges are bound to a domain for this purpose.