by hooverd 405 days ago
Passkeys aren't vulnerable to phishing or breaches (if they are you have bigger problems).
1 comments

Passkeys would be vulnerable to phishing if password managers allowed you to export them in plaintext. Because the phishing page would just show you the steps to do this and paste the private key in.

But because most managers have no UI for doing this, it's impossible to trick someone into doing it.

Password managers could warn about this, like "WEBSITES WILL NEVER ASK YOU FOR THIS DATA". I don't think we should cripple Passkeys and limit syncing to third-party walled gardens because users are stupid.