The following commands showcase how you could create a key externally, export it to ascii armored files and move it to a token.
In order to access pass in an emergency, you could also use the same keys imported to your gpg and without moving them to a Nitrokey. It does not matter where the key is stored just for access.
Of course you would want to safeguard the external keys and personalize 2 or 3 tokens with the same key and just use them on a day2day basis.
docker run -it debian bash
apt update
apt install -y gpg
# generate key offline
gpg --generate-key
gpg -K
#/root/.gnupg/pubring.kbx
#------------------------
#sec rsa3072 2022-11-17 [SC] [expires: 2024-11-16]
# 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1
#uid [ultimate] Test Key <none@example.com>
#ssb rsa3072 2022-11-17 [E] [expires: 2024-11-16]
# export public and private key - THIS HAS TO BE DONE BEFORE IN ORDER TO PERSONALIZE ANOTHER IDENTICAL TOKEN!
gpg --export --armor 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1 > 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1-public.asc
gpg --export-secret-keys --armor 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1 > 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1-private.asc
### START HERE ###
# change gpg home to a temporary location and import keys again
export GNUPGHOME=`mktemp -d`
gpg -K
#gpg: keybox '/tmp/tmp.13aIxCV2FX/pubring.kbx' created
#gpg: /tmp/tmp.13aIxCV2FX/trustdb.gpg: trustdb created
gpg --import 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1*.asc
#gpg: key E9C8271C027CD9C1: public key "Test Key <none@example.com>" imported
#gpg: key E9C8271C027CD9C1: secret key imported
#gpg: key E9C8271C027CD9C1: "Test Key <none@example.com>" not changed
#gpg: Total number processed: 2
#gpg: imported: 1
#gpg: unchanged: 1
#gpg: secret keys read: 1
#gpg: secret keys imported: 1
gpg --edit-key 3AF568D5A4A3687D955E32D0E9C8271C027CD9C1
#gpg> keytocard
#Really move the primary key? (y/N) y
You could skip the first part and start with the import of your backed up keys.