dm_
5 hours ago
That's what https://verifiableintent.dev/ is for, right?
Though I also think this is, in a sense, a poorly specified problem: without remote attestation (as with FIDO Security Keys), nothing prevents a human from connecting the "user presence" check to a software-triggered cryptographic key.
And for a variety of privacy and open-web reasons, nobody wants to tie common web flows to remote attestation.
So.... ¯\_(ツ)_/¯
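What a relying party can actually check in the no-attestation case this comment describes, as an added example that is not part of the original comment: the user-presence (UP) bit is covered by the signature, but it is set by whoever holds the key. The RP ID, function names and the software signer are constructed for illustration; the byte layout follows WebAuthn authenticator data (32-byte RP ID hash, flags byte with UP as bit 0, 4-byte counter).

```javascript
const crypto = require("node:crypto");

const RP_ID = "example.test"; // constructed relying-party ID (assumption)
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Relying-party check of a WebAuthn-style assertion, no attestation involved.
function verifyAssertion(publicKey, a, challenge) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get" || client.challenge !== challenge) {
    return "bad-client-data";
  }
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "bad-rp-id";
  if ((a.authData[32] & 0x01) === 0) return "user-not-present"; // UP = bit 0
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature)
    ? "ok" : "bad-signature";
}

// Hypothetical software signer: the key sits in process memory and the flags
// byte is whatever the caller passes in. No hardware and no touch are involved.
function softwareAssertion(privateKey, challenge, flags) {
  const authData = Buffer.concat([
    sha256(RP_ID), Buffer.from([flags]), Buffer.alloc(4)]);
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: "webauthn.get", challenge, origin: "https://" + RP_ID }));
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  const signature = crypto.sign("sha256", signed, privateKey);
  return { authData, clientDataJSON, signature };
}

function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const challenge = crypto.randomBytes(32).toString("base64url");
  const claimed = softwareAssertion(privateKey, challenge, 0x01); // UP set
  const honest = softwareAssertion(privateKey, challenge, 0x00);  // UP clear
  // Flipping UP after signing breaks the signature: the bit is bound to the
  // key, which only proves the key holder chose to assert it.
  const flipped = { ...honest, authData: Buffer.from(honest.authData) };
  flipped.authData[32] |= 0x01;
  return {
    claimed: verifyAssertion(publicKey, claimed, challenge),
    honest: verifyAssertion(publicKey, honest, challenge),
    flipped: verifyAssertion(publicKey, flipped, challenge),
  };
}

console.log(demo());
```

The `claimed` case passes every check the relying party has available, so without an attestation statement tying the public key to known hardware, "ok" here says nothing about whether a person was involved.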