Two general comments about security: First, consider the value of your data (how motivated are attackers to get it), and possible attack vectors. Second, all security is a compromise between statistically better protection of your data, versus loss of convenience, cost of managing, and a false sense of security making things actually worse.
I would think that password prompts which are entered via the keyboard or the clipboard from a password manager are vulnerable to keyloggers.
If all your keystrokes (whether typed at a keyboard, or cut-and-pasted from a password manager) are being recorded by a keylogger, you have completely lost the war. At this point, your geli password is just one small battle. One of the things that protects you somewhat is that installing a keylogger and analyzing all keystrokes is very expensive for an attacker, and only likely to happen if you have high value data, or are the target of well-equipped hackers (big criminal organizations, nation-states, or intelligence agencies). Therefore, I conclude that you have organized your affairs such that the probability of a keylogger running is very low.
All this leaves the question of where your password is stored. A yellow sticker on the edge of your monitor can be very secure, or very insecure, depending on the physical location of your monitor. Your brain can be very secure or insecure, depending on whether you like to pick bad passwords, talk to yourself while sitting in coffee shops, and what your pain tolerance during torture is (that's called a rubber hose attack, look it up on the web).
When a keyfile is used, I suppose that file can be found and is vulnerable too.
That depends on how the keyfile is stored. Here is a very secure example: The only copy of the keyfile exists on a USB stick, and that USB stick is nearly always in your pocket (for example with the keys to your house and your car). You only plug it in for a moment after booting, when you need to unlock the geli partition. That is very secure. Opposite example: The keyfile is unprotected, stored on a FAT partition of the same disk that holds your geli partition: Exceedingly insecure if someone gets logged in as root, or takes physical possession of the disk drive.
As the examples explained above have no way to read it from smartcards or hardware tokens directly, how safe are they?
If implemented well, they are often the safest option, because they rely on something you have (the physical key), something you know (the password), and some characteristic (like the fingerprint), or at least two of the three. But implementing this is a lot of work, and I don't know a simple recipe for doing it in the open source ecosystem.
I am not an expert, but what is the best choice?
It depends on your requirements, your use case, and your skills and resources.