
It’s an attack that lets the malicious actor hijack the passkey registration flow to insert a key that they know, so that they can later log in as the victim.


If the computer where registration happens is not trusted, no authentication protocol will help. Compare this attack ("malicious computer substitutes passkey at registration time") with a password one ("malicious computer substitutes password at registration time").


But unlike a compromised password, a compromised passkey can be detected much more easily, since the "real" key will end up not working, unless the attacker also adds it to the victim's account.


Then it should be very obvious if the site displays the user's registered passkeys.


That should be very noticeable to the victim though, right?

Their own key would not work (unless the attacker persistently MITMs them and swaps their own credential in for every subsequent authentication) or they'd see multiple credentials being present in their account.

It's also a good idea to send out an email for every new credential added.


> Chrome needs to be started with remote debugging

Pretty confident that is out of scope for any reasonable threat model.



