How does your device log you in with a passkey?
Your device creates and stores a complex secret (too long for a human to remember), and something that pairs with it that it can give to the website you want to start logging into.
When you try to log in, the website sends your device a challenge based on what it has that can only be responded to by the secret your device has. Your device also checks its really you before responding.
Your device knows which secrets are for which websites, so it can't be tricked.