The authenticator only signs when the requesting origin matches the passkey's stored RP ID, so a look-alike domain gets no valid assertion. It is not a heuristic domain warning, not tied to the TLS certificate as a key, and the private key is never transmitted at all.
Official docs