diff --git a/pkgs/native_assets_cli/example/build/download_asset/lib/src/hook_helpers/download.dart b/pkgs/native_assets_cli/example/build/download_asset/lib/src/hook_helpers/download.dart
index 12bb92129..1a7bb4cae 100644
--- a/pkgs/native_assets_cli/example/build/download_asset/lib/src/hook_helpers/download.dart
+++ b/pkgs/native_assets_cli/example/build/download_asset/lib/src/hook_helpers/download.dart
@@ -37,6 +37,10 @@ Future<File> downloadAsset(
 }
 
 Future<String> hashAsset(File assetFile) async {
+  // TODO(dcharkes): Should this be a strong hash to not only check for download
+  // integrity but also safeguard against tampering? This would protected
+  // against the case where the binary hoster is compromised but pub is not
+  // compromised.
   final fileHash = md5.convert(await assetFile.readAsBytes()).toString();
   return fileHash;
 }