To present a passkey, you have to use a password manager. This provides some anti-phishing protection. A passkey includes metadata, including the site/app that created it, and the password managers simply won’t provide the passkey to the wrong site/app. There’s no social-engineering technique someone can use to get you to copy and paste your passkey to an enemy.
Is the main advantage of a passkey that it won't let you copy and paste it or is it that it's tied to a specific app/url?