Passkeys are called "phishing-resistant" because (when properly implemented) it's impossible for users to fuck up. They literally cannot be phished into giving an adversary their credentials, no matter what they click or what they do.